Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Senior Secops
v2.1.1 · Senior SecOps engineer skill for application security, vulnerability management, compliance verification, and secure development practices. Runs SAST/DAST sc...
⭐ 2 · 1.9k · 10 current · 10 all-time
by Alireza Rezvani @alirezarezvani
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description, SKILL.md, and the three scripts (security_scanner.py, vulnerability_assessor.py, compliance_checker.py) are consistent with a SecOps toolset (SAST/DAST, dependency CVE checks, compliance). However, the skill declares no required binaries, while the runtime instructions and GitHub Actions examples assume a Python runtime (and show use of external tools such as Snyk and Trivy). The undeclared Python requirement is an inconsistency that should be addressed.
Instruction Scope
SKILL.md instructs the agent/user to run the included Python scripts against a target path (project directory). That scope is appropriate for a security scanner/compliance tool. Caveats: the code and references include example calls to external services (NVD/Snyk/Trivy) and placeholder functions (e.g., fetch_nvd_data, get_access_reviews) which may require network access or integration code not present. Also the scanner is designed to detect secrets (AWS keys, OpenAI keys, private keys) — running it against broad paths could enumerate sensitive findings; review and restrict scan targets accordingly.
Install Mechanism
No install spec (instruction-only with included scripts). That minimizes implicit installation risk. Because there is no install step, nothing is being downloaded or executed from arbitrary remote URLs by the skill itself.
Credentials
requires.env and primary credential are empty, which is consistent with the skill not demanding credentials up front. However the documentation and CI examples include SNYK_TOKEN and other external-tool tokens, and the scanner deliberately looks for many credential patterns in source code (AWS keys, GH tokens, OpenAI keys). This is not itself malicious, but you should not supply secrets to the skill and should avoid scanning locations containing live credentials unless you intend to surface/handle them. The absence of declared env vars while showing integration examples is an inconsistency to be aware of.
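The secret-pattern detection described in the Instruction Scope and Credentials sections has a side effect worth planning for: a scanner's own report becomes a secrets dump if it is pointed at the wrong directories. The following is an added example, not the skill's security_scanner.py and not ClawHub code, showing the two controls a practitioner would put around such a scan: an explicit target allow-list with exclusions for files expected to hold live credentials, and a report that redacts every match to a short prefix plus a SHA-256 fingerprint. The regular expressions are the publicly documented formats for AWS access key IDs, classic GitHub tokens, OpenAI-style keys and PEM private-key headers (approximations chosen for this example, not the skill's patterns); the sample files are constructed and contain only documentation or dummy values.

```python
"""Secret-pattern scan with a target allow-list and redacted reporting.

Added example for this page (not the skill's security_scanner.py). The regexes
are approximations of well-known public credential formats; the sample files
below are constructed and hold no live secrets.
"""
import hashlib
import re
from dataclasses import dataclass

PATTERNS = {
    # AWS long-term (AKIA) and temporary (ASIA) access key IDs: prefix + 16 chars
    "aws-access-key-id": re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[0-9A-Z]{16}(?![A-Z0-9])"),
    # Classic GitHub tokens: ghp_/gho_/ghu_/ghs_/ghr_ + 36 alphanumerics
    "github-token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    # OpenAI-style keys (approximate; also catches the newer sk-proj- form)
    "openai-key": re.compile(r"\bsk-(?:proj-)?[A-Za-z0-9_-]{20,}\b"),
    # PEM private-key headers (RSA, EC, DSA, OpenSSH, PGP)
    "private-key": re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH |PGP )?PRIVATE KEY(?: BLOCK)?-----"),
}


@dataclass(frozen=True)
class SecretFinding:
    path: str
    line: int
    kind: str
    redacted: str  # prefix + fingerprint, never the raw value


def redact(value: str) -> str:
    """Keep a 4-char prefix for triage plus a short SHA-256 fingerprint so the
    same secret can be correlated across files without being reproduced."""
    digest = hashlib.sha256(value.encode()).hexdigest()[:8]
    return f"{value[:4]}...[{len(value)} chars, sha256:{digest}]"


def in_scope(path: str, allowed_prefixes: tuple, excluded: tuple) -> bool:
    """Scan only under the allowed roots and skip path components that are
    expected to hold live credentials, so the report does not enumerate them."""
    if not any(path.startswith(prefix) for prefix in allowed_prefixes):
        return False
    return not any(part in excluded for part in path.split("/"))


def scan_files(files: dict, allowed_prefixes=("project/",),
               excluded=(".env", ".aws", ".ssh")) -> list:
    """files maps path -> text content (an in-memory stand-in for a directory walk)."""
    findings = []
    for path, content in files.items():
        if not in_scope(path, allowed_prefixes, excluded):
            continue
        for lineno, line in enumerate(content.splitlines(), start=1):
            for kind, pattern in PATTERNS.items():
                for match in pattern.finditer(line):
                    findings.append(SecretFinding(path, lineno, kind, redact(match.group(0))))
    return findings


# Constructed sample tree: the AWS value is the key ID used in AWS documentation,
# the others are obviously synthetic. Two entries are deliberately out of scope.
SAMPLE_FILES = {
    "project/config.py": 'AWS_KEY = "AKIAIOSFODNN7EXAMPLE"\nBUCKET = "reports"\n',
    "project/ci.yml": "env:\n  GH_TOKEN: ghp_" + "A" * 36 + "\n",
    "project/.env": "OPENAI_API_KEY=sk-" + "b" * 40 + "\n",      # excluded component
    "home/.ssh/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\n...\n",  # outside allowed root
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line} {f.kind} {f.redacted}")
```

With the defaults, the scan reports the key ID in config.py and the token in ci.yml but never touches the .env file or the SSH key; passing `allowed_prefixes=("",)` and `excluded=()` reproduces the "broad path" behaviour the scan warns about and surfaces all four. The redacted field is what should go into tickets or CI logs.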
Persistence & Privilege
always:false and default autonomous invocation are set to normal values. The skill does not request persistent system-wide privileges and contains no install-time hooks to modify other skills. There are no signs it tries to persist credentials or alter platform config.
What to consider before installing
This skill appears to implement the advertised SecOps capabilities, but verify these before installing or running it on sensitive data:
- Ensure a Python runtime (3.x) and any required libraries are available — SKILL metadata does not declare Python as a required binary.
- Inspect the three included scripts locally for any network calls or credential usage (look for fetch_nvd_data, HTTP requests, or use of API tokens) before running them in production.
- Do not run the scanner over system-wide or credential-containing directories unless you want secrets discovered; consider scanning a copy or limiting the target path.
- The docs show CI integrations that expect tokens (SNYK_TOKEN, etc.). If you integrate with third-party services, only provide the minimum-scoped secrets via your CI secret store.
- Because some functions shown in references look like placeholders or rely on external integrations, test the tool in a sandbox and confirm its outputs and failure modes before relying on it for audit or blocking CI pipelines.
If you want, I can (1) summarize any network/IO calls found in the actual script files, (2) list external Python packages the scripts import that may need installation, or (3) highlight exact lines where the scanner detects credential patterns so you can review them.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/security_scanner.py:120
Dynamic code execution detected.
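The "Dynamic code execution detected" pattern above, together with the earlier advice to inspect the scripts for network calls and token use before running them, can be turned into a repeatable pre-run check rather than a manual read-through. The following is an added example, not part of the skill and not the ClawHub scanner: it parses a Python file with the standard-library ast module and reports literal dynamic execution (eval, exec, compile, __import__, import_module), shell execution (os.system, subprocess with shell=True), imports and calls of network-capable modules, and environment reads whose variable names look like credentials. The sample script is constructed to trigger each rule and is not the skill's code; the SNYK_TOKEN name in the usage note is taken from the CI examples this page mentions. Caveat: AST matching only sees literal calls, so obfuscated or indirect invocations (getattr on builtins, module names assembled from strings) are not flagged; treat a clean result as triage input, not proof of absence.

```python
"""Static pre-run audit of a Python script before executing third-party skill code.

Added example for this page (not the skill's code and not the ClawHub scanner).
Flags literal dynamic code execution, shell execution, network-capable imports and
calls, and environment reads of credential-looking names. Requires Python 3.9+.
"""
import ast
from dataclasses import dataclass

DYNAMIC_EXEC = {"eval", "exec", "compile", "__import__",
                "import_module", "importlib.import_module",
                "builtins.eval", "builtins.exec"}
NETWORK_MODULES = {"requests", "urllib", "urllib3", "http", "socket",
                   "httpx", "aiohttp", "ssl", "ftplib", "smtplib"}
CREDENTIAL_MARKERS = ("TOKEN", "KEY", "SECRET", "PASSWORD")


@dataclass(frozen=True)
class Finding:
    line: int
    category: str  # dynamic-exec | shell-exec | network-import | network-call | credential-read
    detail: str


def _dotted(node: ast.AST) -> str:
    """Render a Name/Attribute chain such as os.environ.get as a dotted string."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""


def _looks_like_credential(name: str) -> bool:
    upper = name.upper()
    return any(marker in upper for marker in CREDENTIAL_MARKERS)


def _str_const(node: ast.AST):
    """Return the value of a string literal node, else None."""
    return node.value if isinstance(node, ast.Constant) and isinstance(node.value, str) else None


def audit_source(source: str) -> list:
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in NETWORK_MODULES:
                    findings.append(Finding(node.lineno, "network-import", alias.name))
        elif isinstance(node, ast.ImportFrom) and node.module:
            if node.module.split(".")[0] in NETWORK_MODULES:
                findings.append(Finding(node.lineno, "network-import", node.module))
        elif isinstance(node, ast.Call):
            name = _dotted(node.func)
            if name in DYNAMIC_EXEC:
                findings.append(Finding(node.lineno, "dynamic-exec", name))
            shell_kw = any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                           and kw.value.value is True for kw in node.keywords)
            if name == "os.system" or (name.startswith("subprocess.") and shell_kw):
                findings.append(Finding(node.lineno, "shell-exec", name))
            if name.split(".")[0] in NETWORK_MODULES:
                findings.append(Finding(node.lineno, "network-call", name))
            if name in {"os.getenv", "os.environ.get"} and node.args:
                key = _str_const(node.args[0])
                if key and _looks_like_credential(key):
                    findings.append(Finding(node.lineno, "credential-read", key))
        elif isinstance(node, ast.Subscript) and _dotted(node.value) == "os.environ":
            key = _str_const(node.slice)  # Python 3.9+: slice is the index expression itself
            if key and _looks_like_credential(key):
                findings.append(Finding(node.lineno, "credential-read", key))
    return sorted(findings, key=lambda f: (f.line, f.category))


def report(source: str) -> list:
    """One line per finding, e.g. '14 dynamic-exec eval'."""
    return [f"{f.line} {f.category} {f.detail}" for f in audit_source(source)]


# Constructed sample that exercises every rule; this is not the skill's code.
SAMPLE_SCRIPT = """\
import os
import subprocess
import requests
from importlib import import_module

def fetch_cve(cve_id):
    api_key = os.environ["NVD_API_KEY"]
    return requests.get("https://example.invalid/cve/" + cve_id, headers={"apiKey": api_key})

def load_plugin(name):
    return import_module(name)

def run_rule(expr):
    return eval(expr)

def run_external(path):
    return subprocess.run("scanner " + path, shell=True)
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_SCRIPT)))
```

Run it over each of the three scripts (`audit_source(open(path).read())`) before the first execution; a line such as `os.getenv("SNYK_TOKEN")` shows up as a credential-read, and any dynamic-exec hit is the place to read by hand, since that is exactly the class of finding the scan above reports at security_scanner.py:120.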
latest · vk9728ddpqvxedt7yw556hz3t9582jhm5
