Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
v1.1.0
Comprehensive diagnostic, error-fixing, and skill recommendation tool for OpenClaw
⭐ 0 · 1.6k · 5 current · 6 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the actual files and commands: Python scripts, data files, docs, and a skill-recommender/clawhub client. Required binaries (python3) and declared pip deps (click, rich, requests, beautifulsoup4) are proportionate to the stated diagnostic/recommendation purpose.
Instruction Scope
SKILL.md instructs the agent to run local Python scripts (error-fixer, enhanced-doctor, skill-recommender, setup-wizard, self-updater). Those scripts — per included data/recipes — will read OpenClaw config/.env, logs, and may run system commands (kill processes, start Docker, modify openclaw.json, install packages, download binaries). That scope is consistent with an auto-fix tool but includes risky actions (force-kill, systemctl, global npm installs, downloading/extracting binaries) which the agent could perform when invoked.
Install Mechanism
Install uses a simple pip install of well-known Python packages (click, rich, requests, beautifulsoup4). No arbitrary URL downloads are present in the declared install step. The package install list is proportionate to the codebase.
Credentials
The skill declares no required environment variables, but its references and fix recipes frequently mention sensitive variables (OPENAI_API_KEY, ANTHROPIC_API_KEY, GATEWAY_TOKEN, channel tokens, etc.) and will read or prompt for them during diagnosis/auto-fix. Not declaring them up-front is not inherently incoherent, but users should expect the tool to access configs and environment variables and to request tokens for provider actions.
Persistence & Privilege
always:false and disable-model-invocation:false (default) — the skill is not force-installed but can be invoked autonomously. Because it can run destructive system commands (kill processes, start daemons, install software, download binaries into /opt), autonomous invocation increases blast radius; this is expected for an auto-fix utility but worth user review before enabling autonomous runs.
Assessment
This package appears to be what it claims: a local OpenClaw diagnostic and auto-fix suite. Before installing/using it:
1) Review the scripts (especially self-updater.py and any code that performs network requests) for where they fetch updates or send data.
2) Run it in a non-production sandbox or with dry-run options first (many commands have --dry-run or --check modes).
3) Back up openclaw.json and any configs before applying auto-fixes (the tool documents backups but verify behavior).
4) Be cautious granting sudo/root or allowing destructive fixes (kill -9, systemctl start, global npm installs, downloads to /opt).
5) If you need to trust network endpoints, confirm the project's GitHub/homepage and consider auditing clawhub_client/doc_fetcher calls to ensure no secret exfiltration.
If you want higher assurance, request a code audit or run the scripts in a readonly / isolated environment first.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🏥 Clawdis
Bins: python3
