ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Linux & service basics

v1.0.0

Diagnoses common Linux service issues using logs, systemd/PM2, file permissions, Nginx reverse proxy checks, and DNS sanity checks. Use when a server app is failing, unreachable, or misconfigured.

0· 4.4k·22 current·25 all-time
by@kowl64
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe triage for systemd/PM2, Nginx, permissions and DNS; SKILL.md and references only use commands and paths relevant to that purpose and request no unrelated credentials or binaries.
Instruction Scope
Instructions remain within triage scope (gather logs, classify, propose fixes). The skill may provide exact shell commands but explicitly requires user approval before applying them and instructs to stop when privileged access is needed. This is appropriate, but users must not approve commands blindly because suggested commands could be destructive (chown/chmod/systemctl reload/etc.).
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk or downloaded during install.
Credentials
No environment variables, credentials, or config paths are requested. The SKILL.md references only service logs, common system paths, and user-provided snippets which are proportional to the stated functionality.
Persistence & Privilege
always is false and the skill does not request elevated privileges. Model invocation is allowed (default), so the agent could propose commands autonomously; however SKILL.md requires explicit user approval before executing changes. Users should ensure they review and approve any commands manually.
Assessment
This skill appears coherent for diagnosing Linux services, but exercise caution before approving any exact shell commands it proposes. Always: 1) Provide logs/output rather than granting shell access; 2) Review suggested chown/chmod/systemctl/nginx commands line-by-line and refuse any you don't understand; 3) Do not share secrets or private keys in pasted inputs; 4) Ask the assistant to produce a read-only diagnosis first, then request changes only when you or an authorized admin will run them; 5) Prefer testing fixes on a staging host or snapshot before applying to production.

Like a lobster shell, security has layers — review code before you run it.

latestvk970gxg8zbmspdm1tcsj6rpe717zcyfn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments