Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
v1.0.0: Automatically extracts and installs a skill archive into WSL2 and the Windows Desktop. Supports the zip format.
⭐ 0 · 244 · 0 current · 0 all-time
by Aetik (@aetik-yue)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (high confidence)
Purpose & Capability
Name and description match the code: it extracts a ZIP and copies its contents into a WSL skills directory and a Windows Desktop 'skills' folder. However the code uses a hardcoded Windows user path (/mnt/c/Users/yanha/...), which is not explained by the metadata and is not appropriate for a general-purpose tool. This is inconsistent (works only for a specific username) and may lead to unexpected behavior on other machines.
Instruction Scope
SKILL.md and install.py instruct the agent to read the provided ZIP, parse SKILL.md from inside it, and copy files into user locations (WSL ~/.openclaw/... and Windows Desktop). The installer deletes existing target directories and copies files recursively. The code uses zipfile.extractall without sanitizing archive entries, and it uses the extracted SKILL.md's name field as the destination folder name — both allow path traversal or malicious archive contents to overwrite or create files outside the intended directories.
Install Mechanism
No external install steps or network downloads are used; the skill is instruction/code-only and runs locally. There is no download-from-URL or third-party package installation, which reduces supply-chain risk.
Credentials
The skill declares no required environment variables or credentials, which is consistent, but the code hardcodes Windows paths for a specific user ('yanha') and also assumes WSL mount points. That is a disproportionate and brittle assumption and may cause files to be written to unintended locations or fail silently if paths don't exist.
Persistence & Privilege
The skill is not force-installed (always:false) and does not modify other skill configs, but it performs destructive filesystem operations: removing existing skill directories (shutil.rmtree) and copying archives into user directories. Combined with the unsafe extraction and use of SKILL.md name as a path, this grants it a high potential to overwrite/delete user files on both WSL and the Windows desktop.
What to consider before installing
This installer largely does what it says, but you should not run it blindly. Specific concerns:
- The code uses zipfile.extractall without sanitizing filenames; a crafted ZIP can include absolute paths or ../ segments and overwrite files outside the temp directory. This can enable file overwrite or deletion on your system.
- The installer uses a hardcoded Windows path (/mnt/c/Users/yanha/...), so it may operate on the wrong user's Desktop or fail on your machine.
- The SKILL.md's name field is used directly as the destination folder name; a malicious name could cause unexpected paths.
- The installer deletes existing skill folders (shutil.rmtree) before copying — you can lose data if the target is misresolved.
What to do before installing:
- Inspect the ZIP contents manually (or list its entries) before running the installer.
- Run the installer in a safe/isolated environment (non-privileged account, VM) or after backing up your Desktop and skills directories.
- If you plan to use this tool regularly, modify the code to: validate/sanitize ZIP member paths, refuse absolute or parent-traversal paths, canonicalize and constrain destination paths to a safe base directory, and replace the hardcoded Windows username with a dynamic lookup or configuration option.
- Do not run this with elevated privileges. If the author can provide a version that safely validates archives and uses configurable target paths, re-evaluate for lower risk.
Like a lobster shell, security has layers — review code before you run it.
latest: vk9752gz86hke6vegh5r57cnr5x82mzb9
