Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Tester

v2.1.1

by Alireza Rezvani (@alirezarezvani)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (Skill Tester) matches the included artifacts: validator, tester, and scorer scripts plus documentation and sample assets. Files and runtime expectations (reading skill directories, running Python scripts, producing JSON/text reports) are consistent with a QA/meta-skill.
Instruction Scope
The SKILL.md and README explicitly instruct running script_tester.py, skill_validator.py, and quality_scorer.py against arbitrary skill directories and in batch/CI scenarios. That implies executing third‑party Python code (the target skills' scripts) in the agent environment. Execution of untrusted scripts can read any files the agent can access, open network connections, or run subprocesses — SKILL.md mentions timeout protection and 'controlled execution' but does not demonstrate a secure sandbox. This broad runtime scope is the main risk.
Install Mechanism
No install spec (instruction-only) — minimal disk footprint from the platform perspective. The skill bundle includes Python scripts but does not download or extract external archives or run third‑party installers; this is lower install risk.
Credentials
The skill does not request environment variables or credentials (proportional). However, it requires filesystem read access and permission to execute Python in order to perform its function. Those capabilities could be leveraged to access secrets on disk or environment if the skill or the target skills being executed are malicious.
Persistence & Privilege
always=false and there is no indication the skill modifies other skills or global agent configuration. Autonomous invocation is allowed (platform default) but not, by itself, a new risk here — the real concern is what the skill does when invoked (see instruction_scope).
What to consider before installing
This skill is a plausible QA/meta-skill and includes the right files, but it asks the agent to execute Python scripts (and to run validation across repositories). Before installing or running it:

- Review the full contents of scripts/script_tester.py, scripts/skill_validator.py and scripts/quality_scorer.py to confirm they do only static analysis or safely sandbox execution. Look for uses of subprocess, os.system, socket/network libraries, eval/exec, or code that reads files outside the supplied skill directories.
- If you must run it, do so in an isolated environment (dedicated CI runner or container) with no network access and minimal file permissions so that executing arbitrary skill code cannot reach secrets or other repositories.
- Prefer a mode that performs static checks (AST/import analysis) over actually executing untrusted target scripts; if runtime execution is necessary, require explicit sandboxing (e.g., container, restricted user, seccomp) and timeouts.
- If you control the repo, limit the set of directories passed to the tool and avoid running it with elevated privileges.

Additional information that would reduce concern: code-level evidence that runtime testing uses a robust sandbox (process isolation, network disabled, chroot/container, strict time/resource limits) or that the tool can operate entirely in a static-analysis/dry-run mode without executing target scripts. Conversely, finding direct subprocess/network/file‑exfiltration code in the tester scripts would increase my severity to high.
