Aliyun ClawScan

Malicious

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: aliyun-clawscan
Version: 1.0.2

This skill is a security auditing tool designed to assess the OpenClaw environment and scan other skills for vulnerabilities and malware. It performs static analysis using a comprehensive set of detection patterns for threats like reverse shells, credential harvesting, and ransomware (found in reference/skillaudit.md), and audits system configurations using the 'openclaw security audit' command. While the reference files contain numerous malicious code signatures and IOCs (such as the IP 91.92.242.30), they are strictly used as detection criteria for the audit process, and the skill includes explicit safety guardrails to prevent the execution of any analyzed code.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

When invoked, the skill may reveal OpenClaw configuration details and installed skill names in its report.

Why it was flagged

The skill directs the agent to run local OpenClaw audit and inventory commands. These are disclosed and aligned with the audit purpose, but they do inspect the user's OpenClaw setup.

Skill content

openclaw security audit --deep ... openclaw skills list

Recommendation

Use it when you intend to perform a local security audit, and approve only the documented read/audit commands.

Note - High Confidence

ASI01: Agent Goal Hijack

What this means

Automated scanners may flag the wording, but the visible context is defensive documentation.

Why it was flagged

The prompt-injection phrase appears inside a detection-pattern reference for finding unsafe skills, not as a hidden directive to control this agent.

Skill content

Direct Patterns: ignore previous instructions

Recommendation

Treat these phrases as examples only; do not execute or obey any sample malicious instructions found during audits.

What this means

Users cannot fully verify provenance from the supplied metadata alone.

Why it was flagged

The registry metadata does not identify a concrete source package or repository for the submitted artifact, although the skill is instruction-only and has no install code.

Skill content

Source: unknown

Recommendation

If publisher identity matters, verify the registry owner and homepage before relying on the Alibaba Cloud branding.