ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Modbus

v1.0.0

Modbus communication protocol tool. Use when json modbus tasks, csv modbus tasks, checking modbus status.

0· 79·0 current·0 all-time
byBytesAgain2@ckchzh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the script implements status/add/list/search/remove/export/stats/config functionality for Modbus-related entries stored under a data directory. No unexpected services or credentials are requested.
Instruction Scope
SKILL.md instructs running the bundled shell script with discrete commands; the script only reads/writes files under DATA_DIR (default ~/.modbus) and does not reference other system paths, secrets, or network endpoints.
Install Mechanism
There is no install spec and the shipped script is included in the skill bundle; nothing is downloaded or installed from external URLs, so install risk is low.
Credentials
No required environment variables or credentials are declared. The script optionally respects MODBUS_DIR (documented), which is appropriate for configuring the data directory.
Persistence & Privilege
Skill is not forced-always, uses normal agent invocation, and only creates/updates files under its own data directory; it does not modify other skills or system-wide agent settings.
Assessment
This skill appears low-risk and does what it says: it runs a local shell script that stores data in a configurable directory (default ~/.modbus). Before installing, review that you are comfortable with the agent running the included script and writing files to that directory. If you set MODBUS_DIR, do not point it to sensitive system locations (e.g., /, /etc, other apps' config dirs) because the script will create and modify files under whatever path is provided. Note there are no network calls or credential requests in the bundled script. If you need additional assurance, compare the included files to the upstream repo (https://github.com/bytesagain/ai-skills) and run the script manually in a controlled environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk976ww8gq8vdpdqrjxb9ywm09983872g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments