ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Everything Openclaw (EO)

v2.2.0

Everything Openclaw (EO) - Transform OpenClaw into a Steel Crayfish Legion with 141 experts, 9 commands, Skills dual system, and 15 core innovations

1· 94·0 current·0 all-time
by@467718584
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires walletCan make purchasesCan sign transactionsRequires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to be an instruction-only plugin with no required env/config, yet the package contains a full codebase (TS/JS files, package.json, package-lock.json, expert library). That mismatch (registry metadata vs. included files) is incoherent. The repository contains orchestration code (multi-expert-orchestrator, subagent-manager) that reasonably belongs to the plugin's purpose, but the presence of executable code means it will do more than just deliver prose instructions—so treat it as a code plugin, not purely instruction-only.
!
Instruction Scope
SKILL.md explicitly instructs 'Proactive Memory Management' (experts write context to memory/ autonomously) and describes hooks that auto-dispatch experts before tool calls. Those runtime behaviors go beyond pure read-only guidance: they direct persistent writes and autonomous orchestration. The SKILL.md also includes install instructions and compatibility claims (import external Claude/ECC skills) that could cause the agent to fetch or translate external artifacts. The pre-scan found a 'system-prompt-override' pattern in SKILL.md, indicating the instructions may attempt to modify agent/system prompts—this is high-risk for prompt injection and autonomy-controlling behavior.
Install Mechanism
Registry lists no formal install spec, but README/SKILL.md instruct installing from a GitHub URL or local build and the package contains package.json and package-lock.json (npm build path). Installing from the listed GitHub repo would execute arbitrary third-party code. The GitHub URL appears to point to an individual repository (not an established organization); the package-lock indicates many dependencies—review dependencies for supply-chain risk before running npm install/build.
!
Credentials
Declared metadata lists no required env vars or credentials (proportionate), but the runtime behavior described (writing memory/, spawning subagents, importing external skills) implies the plugin will access filesystem and network at runtime. Those accesses are not declared. Because no secrets are requested, it is not directly asking for credentials, but code could still read local files or call external endpoints—verify code paths that perform network/file I/O before trusting it.
!
Persistence & Privilege
The plugin advertises autonomous memory writes ('experts write context to memory/') and auto-workspace isolation. Combined with subagent orchestration code (subagent-manager.js) this gives the plugin the ability to persist conversation/context on disk and spawn internal subagents/processes. While 'always:false' is appropriate, the plugin still requests persistent storage and autonomous agent-like behavior—this increases blast radius if abused and should be sandboxed and audited.
Scan Findings in Context
[system-prompt-override] unexpected: A pattern suggesting the SKILL.md may attempt to change model/system prompts or otherwise inject instructions into the agent runtime. This is not expected for a benign plugin and is a red flag — prompt overrides can be used to make the agent ignore safety constraints or leak data.
What to consider before installing
This package is suspicious but not obviously malicious: it contains a substantial codebase that will run (not just prose) and instructs autonomous persistence and multi-agent orchestration. Before installing: 1) Treat it as code — review the GitHub repo and the JavaScript/TypeScript files (especially subagent-manager.js, hooks/eo-expert/handler.ts, multi-expert-orchestrator.ts, executor.ts) for network calls, eval/child_process usage, and file I/O. 2) Search the code for hardcoded URLs, IPs, and calls to external services (fetch, axios, http/https, WebSocket). 3) Inspect package.json and package-lock.json for suspicious or many untrusted dependencies. 4) Test in an isolated sandbox/container (no access to secrets, production files, or privileged networks). 5) If you plan to use persistent memory features, audit what gets written to memory/ and ensure no sensitive data is stored or uploaded. 6) Do not provide credentials or secret tokens until you understand exactly which external services the plugin contacts. If you lack the ability to audit the code, avoid installing from an untrusted GitHub repo.

Like a lobster shell, security has layers — review code before you run it.

latestvk9761fsfr4s8jy6dwz9yy8jp1184ddj9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments