ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ask Claude

v1.1.1

Delegate a task to Claude Code CLI and immediately report the result back in chat. Supports persistent sessions with full context memory. Safe execution: no...

0· 243·0 current·0 all-time
by@0xmanel
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the declared requirement for a 'claude' binary. However the SKILL.md is tightly tied to a specific user's paths (/home/xmanel/...) and references a wrapper script run-claude.sh that is not provided, which reduces portability and raises questions about what that script does.
!
Instruction Scope
Instructions assert 'workspace-only' operation but also state sessions are stored in ~/.claude/projects/ (outside the chosen workdir). The direct commands use --permission-mode bypassPermissions and unset CLAUDECODE, both of which change runtime behavior and could allow broader file/network access. The skill also claims 'never send data to external servers' despite invoking an external CLI that typically communicates with a service; that claim is not enforceable from the instructions alone.
Install Mechanism
Instruction-only skill with no install spec or downloaded artifacts—this lowers installation risk. The main risk is what the required 'claude' binary and the referenced run-claude.sh wrapper actually do, which are not included.
!
Credentials
No environment variables are declared, yet the SKILL.md manipulates the environment (env -u CLAUDECODE) and relies on a CLI that likely reads credentials/config from ~/.config or env vars. The skill explicitly promises not to touch ~/.ssh, ~/.aws, or ~/.config, but the CLI or session storage could still read those locations unless you verify otherwise.
!
Persistence & Privilege
Skill supports persistent sessions stored in ~/.claude/projects/, which persists conversation state outside the specified workdir and could retain data across runs. The use of --permission-mode bypassPermissions suggests the CLI may operate with relaxed permission checks, increasing blast radius if the wrapper or CLI are compromised.
What to consider before installing
Do not install blindly. Before using: (1) inspect the run-claude.sh wrapper and the 'claude' binary (origin, version, what network calls it makes); (2) test in an isolated sandbox or container; (3) avoid pointing the workdir at any sensitive files (SSH keys, AWS creds, ~/.config); (4) ask the author why --permission-mode bypassPermissions is required and remove it if unnecessary; (5) if you must use it, create a disposable user/home or ephemeral VM to limit persistent session storage in ~/.claude/projects/.

Like a lobster shell, security has layers — review code before you run it.

MIT-0vk971241fg87d0sfd7vajbhhesn82wrbsclaude-codevk971241fg87d0sfd7vajbhhesn82wrbsdevelopment-toolvk971241fg87d0sfd7vajbhhesn82wrbslatestvk971241fg87d0sfd7vajbhhesn82wrbssafevk971241fg87d0sfd7vajbhhesn82wrbsworkspacevk971241fg87d0sfd7vajbhhesn82wrbs

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🤖 Clawdis
Any binclaude

Comments