Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
openclawselfguard
v1.0.1
Monitors local OpenClaw version daily at 06:00 Beijing time against NVD and GitHub advisories, reporting found CVEs with remediation steps.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (high confidence)
Purpose & Capability
Name/description state: daily checks of local OpenClaw against NVD and GitHub advisories. The repository includes scripts to detect local version, query NVD and GitHub, compare versions, format reports, and install a cron job — all consistent with the stated purpose.
Instruction Scope
SKILL.md and setup_cron.sh instruct the agent to auto-install a daily job that runs the supplied check_vulns.py script. The cron payload explicitly tells the agent to run python3 check_vulns.py --json and return either a full report (if vulnerabilities found) or a short success message. By default the delivery in the job is 'console only', but the job file supports configuring external delivery channels (feishu, telegram, etc.). This means the output could be sent externally if the user or the setup script is run with a channel argument — review jobs.json and chosen channel before enabling.
Install Mechanism
No remote install spec (instruction-only) — low risk for remote code fetch. However, setup_cron.sh modifies user config under ~/.openclaw/cron/jobs.json and creates backups; installing the skill will therefore persist a scheduled job in the user's home config. That persistent change is expected for a monitoring skill, but it is a meaningful modification to user config and should be reviewed.
Credentials
The skill requests no environment variables or credentials. Network calls go to known public sources (nist.gov and api.github.com). The scripts read some local files/paths to detect OpenClaw (openclaw --version and a few package.json locations) which is appropriate for detecting a local version.
Persistence & Privilege
The skill installs a persistent daily job (cron-like) in ~/.openclaw which will cause repeated autonomous checks. always:false (not force-included). Autonomous invocation via the agent/job system is expected for this monitoring use case, but persistent scheduled runs increase the blast radius if the delivery channel is changed to an external recipient — verify delivery settings.
Assessment
This skill appears to do what it says: detect the local OpenClaw version, query NVD and GitHub, and schedule daily checks. Before installing or running it:
1) Inspect and (if desired) run the scripts manually to verify behavior (python3 scripts/get_version.py --json and python3 scripts/check_vulns.py --json).
2) Review and approve the cron/job entry that setup_cron.sh will write to ~/.openclaw/cron/jobs.json (the script backs up the existing file).
3) Do not pass a delivery channel to setup_cron.sh unless you trust the configured channel — by default it is console only; enabling a channel may cause the report (including local version info and any findings) to be sent externally.
4) Be aware of bugs: fetch_github.py has a coding error (an undefined 'undefined' usage in params) and version-range checking in check_vulns.py is simplistic; these may make the tool fail or produce false negatives/positives. If you want to use it, consider fixing those issues or running checks manually and verifying outputs before relying on the cron automation.
Like a lobster shell, security has layers — review code before you run it.
