ClawHub Quarantine Installer
Review
Audited by ClawScan on May 10, 2026.
Overview
This skill is a transparent quarantine/audit helper, but it deliberately force-installs remote skills and should only be used in a disposable, isolated environment.
Install and use this only in a disposable VM or container with no secrets or production workspace access. Expect it to download and possibly execute third-party code via npx/clawhub, review the generated report manually, and only promote a quarantined skill after independent inspection.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill may execute untrusted installer code on the machine where OpenClaw is running.
The skill explicitly invokes a package/installer flow that can download and execute remote code, including skills flagged as suspicious. This is central to the stated quarantine-audit purpose and is disclosed, but it is high-impact if run on a normal host.
The `install_and_audit.sh` script uses `npx clawhub install --force`. This command will **download and execute remote code** from the `npm` registry.
Use it only in a disposable VM or container with no sensitive files, credentials, or production OpenClaw workspace access; review the audit report before manually promoting anything.
Users may not see the external tooling requirements from registry metadata alone, and npx/clawhub use introduces normal package supply-chain exposure.
The registry metadata does not declare runtime tools, while SKILL.md says Node.js, the clawhub CLI, and ripgrep are required. This is a setup/provenance declaration gap rather than hidden behavior because the documentation discloses the prerequisites.
Required binaries (all must exist): none; Required binaries (at least one): none
Treat the documented prerequisites as required, install trusted versions explicitly where possible, and prefer pinned or verified tooling in isolated test environments.
A user who overlooks the warning could run suspicious code on their main machine while believing the quarantine directory fully contains it.
The documentation uses quarantine/isolation language but also clarifies that the directory-based quarantine is not complete containment. Users should not assume the skill creates a secure sandbox by itself.
The isolated quarantine is designed to mitigate, but not eliminate, all risks.
Do not rely on the quarantine folder as a security boundary; run the whole workflow inside a VM or container.
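A pre-flight guard that enforces the recommendations above before the skill's own script is allowed to run `npx clawhub install --force`. This is an added illustration for this review, not code from the skill, from ClawHub, or from ClawScan: it refuses unless an explicit opt-in variable (`QUARANTINE_DISPOSABLE`, a name chosen here) is set, no credential-looking files or token variables are present in the home directory it is given, and the prerequisites documented in SKILL.md (`node`, `clawhub`, `rg`) are installed. The lists of secret paths and variable names are assumptions for the example; extend them for your own hosts.

```shell
#!/bin/sh
# Pre-flight guard for the quarantine install. Added example for this review,
# not part of the skill or of ClawHub. The directory-based quarantine is not a
# security boundary, so the point of these checks is to stop the force-install
# from ever starting on a host that holds anything worth stealing.
set -u

# Paths (relative to the home directory) that commonly hold credentials.
# Constructed list for the example; not exhaustive.
SECRET_PATHS=".ssh/id_rsa .ssh/id_ed25519 .aws/credentials .netrc .docker/config.json .config/gh/hosts.yml"

# Environment variables that usually carry tokens. Constructed list as well.
SECRET_ENV_NAMES="NPM_TOKEN GITHUB_TOKEN AWS_SECRET_ACCESS_KEY OPENAI_API_KEY"

# find_secrets HOME_DIR: prints every credential-looking file under HOME_DIR;
# returns 1 if any was found, 0 if the home looks clean.
find_secrets() {
  home="$1"; found=0
  for p in $SECRET_PATHS; do
    if [ -e "$home/$p" ]; then
      echo "secret-like file present: $home/$p"; found=1
    fi
  done
  # .npmrc is only a problem when it carries a registry token.
  if [ -f "$home/.npmrc" ] && grep -q '_authToken' "$home/.npmrc"; then
    echo "npm auth token present in $home/.npmrc"; found=1
  fi
  return $found
}

# find_secret_env: prints every token-like variable that is set and non-empty;
# returns 1 if any was found.
find_secret_env() {
  found=0
  for name in $SECRET_ENV_NAMES; do
    eval "val=\${$name:-}"
    if [ -n "$val" ]; then
      echo "token-like variable set: $name"; found=1
    fi
  done
  return $found
}

# missing_tools TOOL...: prints each tool that is not on PATH; returns 1 if
# any is missing. SKILL.md documents node, the clawhub CLI and ripgrep (rg),
# which the registry metadata does not declare.
missing_tools() {
  missing=0
  for t in "$@"; do
    if ! command -v "$t" >/dev/null 2>&1; then
      echo "required tool not found: $t"; missing=1
    fi
  done
  return $missing
}

# preflight HOME_DIR: returns 0 only when all checks pass. Every check runs so
# the operator sees the complete list of reasons for a refusal.
preflight() {
  home="$1"; ok=0
  # Explicit opt-in so the force-install cannot be started by accident on a
  # normal workstation. QUARANTINE_DISPOSABLE is a name chosen for this example.
  if [ "${QUARANTINE_DISPOSABLE:-}" != "yes" ]; then
    echo "refusing: set QUARANTINE_DISPOSABLE=yes only inside a disposable VM or container"
    ok=1
  fi
  find_secrets "$home" || ok=1
  find_secret_env || ok=1
  missing_tools node clawhub rg || ok=1
  return $ok
}

# Usage: hand off to the skill's script only when the guard passes, e.g.
#   if preflight "$HOME"; then ./install_and_audit.sh "$@"; fi
```

Run the guard and the skill together inside an ephemeral container (for example `docker run --rm` with nothing but a scratch workspace mounted) so that whatever `npx clawhub install --force` downloads has no production workspace, credential file or token to reach; the guard then only confirms that the container really is as empty as you intended.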
