Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clamav

v1.0.0

ClamAV open-source antivirus reference. clamscan, freshclam database updates, clamd daemon configuration, custom signatures, quarantine workflows, automated...

by BytesAgain2 @ckchzh
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (ClamAV reference) matches the included SKILL.md and the script: both provide commands, configuration examples, and operational guidance for clamscan, freshclam, clamd, signatures, quarantine, automation, and performance. There are no unrelated required binaries, env vars, or config paths.
Instruction Scope
SKILL.md and scripts contain real command examples (e.g., freshclam, clamscan, clamdscan, curl/wget to fetch the EICAR test file, and examples of running systemctl). This is expected for an operational reference, but the examples include network operations and commands that, if executed on a host, will perform downloads, update databases, or change system state. The skill itself prints documentation — it does not appear to autonomously execute those potentially impactful commands.
Install Mechanism
No install spec is provided (instruction-only with an included script). Nothing is downloaded or written to disk by an installer; the included script is a local documentation helper. Low install risk.
Credentials
The skill requires no environment variables, credentials, or config paths. Examples reference standard ClamAV paths (/etc/clamav, /var/lib/clamav) which are appropriate for the topic. No disproportionate secret access is requested.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system-level privileges. It does not modify other skills or global agent settings. Autonomous invocation is allowed (platform default) but not combined with other red flags.
Assessment
This skill is a static reference and appears to only print ClamAV documentation and example commands. It does not request credentials or auto-install software. Before running any of the example commands on your system, review them carefully: many examples will download files (curl/wget), update signature databases (freshclam), or start/enable services (systemctl) and should be run intentionally with appropriate privileges. The EICAR test file example is a standard safe test vector, but only fetch it from the official EICAR URL. If you plan to automate scans or run on production hosts, ensure you run updates as the correct user and verify database signatures/mirrors. If you want extra assurance, inspect the full scripts/script.sh content locally — it appears to be a documentation generator and not an active downloader or exfiltration tool.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/script.sh:413: Dynamic code execution detected.

Like a lobster shell, security has layers — review code before you run it.
