Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Scan Skill

v1.1.1

Deep security analysis of an individual skill before installation

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name and description claim a pre-install scanner, and the package does contain one (scripts/scan_skill.py) plus a pattern database (scripts/patterns.py). The allowed tools (Read, Glob, Grep, Bash) and the instruction to run the included Python scanner are consistent with scanning a skill directory.
Instruction Scope
SKILL.md instructs the agent (or user) to run the included python scanner against a target skill directory. The scanner reads all files under the provided directory and reports findings (including secrets). That file I/O is expected for this purpose, but be aware the tool will enumerate and print contents from whatever path you point it at — so only scan directories you intend to inspect.
Install Mechanism
No install spec — instruction-only with bundled scripts. The scanner code is included directly in the skill (no external downloads or package installs), which is proportionate for a local analysis tool.
Credentials
The skill requests no environment variables or external credentials. The pattern database contains regexes to detect secrets, but the skill itself does not require or access secrets from your environment.
Persistence & Privilege
Registry flags show disable-model-invocation: true and always: false. The skill is not auto-invocable and does not request persistent or system-wide changes. Nothing in the provided code attempts to modify other skills' configs.
Assessment
This skill appears to do exactly what it says: run a local scanner on a skill directory. Before using it, (1) review the bundled scripts yourself (you have them in the package) to confirm they don't execute code from scanned projects, (2) run the scanner in a sandbox or with least-privilege access if you will scan untrusted repositories, and (3) only point it at directories you intend to expose to a scanner (it will read files and report secrets it finds). The presence of 'Bash' in allowed-tools is explainable (the scanner runs via a shell command) and is mitigated by disable-model-invocation: true, but if you prefer extra caution, run the included python script manually in your environment rather than granting tool execution to an agent.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/patterns.py:357: Shell command execution detected (child_process).
scripts/patterns.py:350: Dynamic code execution detected.



