Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Google Search Console Analytics
v1.0.0 · Fetches Google Search Console data for akku-alle.de - clicks, impressions, CTR, rankings and top keywords. Use the shell tool to /root/.openclaw/skills/g...
⭐ 0 · 52 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (high confidence)
Purpose & Capability
The skill claims to fetch Google Search Console data for akku-alle.de, which legitimately requires Google credentials. However the registry metadata lists no required env vars or binaries while the SKILL.md itself declares a requirement for GOOGLE_APPLICATION_CREDENTIALS and tells the agent to run a binary at /root/.openclaw/skills/gsc-search/gsc-search. There is no install spec or code providing that binary. Asking to execute a root-path binary is disproportionate unless an install step or included executable is provided.
Instruction Scope
Runtime instructions explicitly tell the agent to invoke a local binary via the shell tool and rely on the GOOGLE_APPLICATION_CREDENTIALS environment variable. The SKILL.md gives no details about what the binary does, what files it reads, or where it sends data. Because no binary or source code is included, the instructions grant broad discretion to a non-existent/unsupplied executable and implicitly to whatever binary might be present at that path.
Install Mechanism
There is no install specification and no code files in the skill bundle, yet the instructions assume a preinstalled executable at a specific root-mounted path. That is an incoherence: either the install step or the binary is missing, or the skill intentionally relies on an external artifact. This elevates risk because the provenance and contents of the invoked binary are unknown.
Credentials
The SKILL.md requires GOOGLE_APPLICATION_CREDENTIALS (a sensitive service-account credential path), but the registry metadata did not declare this requirement. Requesting Google credentials is plausible for Search Console access, but it must be declared and minimized (least privilege). Here the requirement is undeclared in registry data and the credential would be accessible to an external binary of unknown provenance — a potential exfiltration risk.
Persistence & Privilege
The registry metadata indicates always:false, but the SKILL.md metadata contains "always": true. This contradiction is important because always:true grants the skill persistent inclusion in agent runs. Combined with the credential requirement and the instruction to run a root-path binary, this increases the blast radius if the binary is malicious or misbehaving.
Scan Findings in Context
[no-regex-findings] unexpected: The static scanner found no matches, but this skill is instruction-only with no code files, so the scanner had nothing to analyze. Absence of findings is not assurance of safety; the main issues are metadata/instruction mismatches and the missing binary.
What to consider before installing
Do not install or run this skill until the author resolves contradictions and provides provenance. Specific actions to take:
1) Ask the publisher for source code or a verified install spec that creates /root/.openclaw/skills/gsc-search/gsc-search, and for a homepage or repository to review.
2) Verify whether the skill truly needs GOOGLE_APPLICATION_CREDENTIALS; if so, require a least-privilege service account with only Search Console read access and ensure the credential file is scoped and rotated.
3) Confirm whether the SKILL.md always:true is intentional; avoid allowing always:true unless necessary.
4) Do not set GOOGLE_APPLICATION_CREDENTIALS globally or hand over high-privilege credentials to this skill; instead run it in an isolated environment or with a disposable account after reviewing the binary.
5) If the publisher cannot provide source or a trusted install method, treat the skill as untrusted and do not run it.
latest: vk978yth657y9vw8x634qhmjmgn83pzqj