ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Setup Automatik

v1.0.0

Facilitate the installation and management of VPS solutions using the Setup Automatik engine (powered by Orion Design). Use when the user wants to install, configure, or manage tools like Traefik, Portainer, Chatwoot, N8N, and other open-source applications on a Linux VPS.

0· 1.8k·2 current·2 all-time
by@alltomatos
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the provided artifacts: the skill bundles a large SetupOrion.sh installer and a tool reference, which is appropriate for a VPS installer. However, the SKILL.md tells the user to supply SSH credentials (password or private key) by pasting them in chat — that is not necessary for a coherent, secure workflow and is disproportionate to the description (there is a safer pairing alternative noted).
!
Instruction Scope
Instructions explicitly ask the user to paste SSH passwords or private keys into chat, and to provide database/SMTP credentials in chat. Those instructions broaden the skill's scope into collecting sensitive secrets via chat. The skill also instructs execution of assets/SetupOrion.sh on target servers; running a ~1.2MB shell script gives the agent the ability to run arbitrary commands on your VPS. This is expected for an installer but increases risk when combined with secret collection via chat.
Install Mechanism
There is no external install step — the installer script is bundled in assets/SetupOrion.sh (so nothing is downloaded from an unknown URL at runtime). Bundling the installer reduces the risk of remote arbitrary downloads, but the included script is large and will run many system operations on the VPS; you should review it before execution and be cautious about hidden or network call behavior in the parts truncated in the manifest.
!
Credentials
The skill declares no required environment variables, yet the instructions request SSH credentials, database credentials, and SMTP details to be provided during the run. Requesting those secrets can be reasonable for installing services, but instructing users to paste private keys/passwords into chat is disproportionate and dangerous. The script also mentions Portainer API credentials, which could be used to perform further operations — verify why and how credentials are stored or used.
Persistence & Privilege
The skill does not request 'always: true' and does not declare autonomous privileges beyond normal agent invocation. The installer itself appears to persist configuration/credentials on the VPS (e.g., Portainer deploy function), which is expected for an installer but worth auditing. No evidence the skill tries to modify other skills or the agent platform config.
Scan Findings in Context
[unicode-control-chars] unexpected: The SKILL.md contains unicode control characters detection. This can be used to hide prompt-injection content or manipulate rendering; it is not necessary for an installer skill and should be inspected in the raw text before trusting instructions.
What to consider before installing
This skill appears to be what it says — a bundled installer (SetupOrion.sh) for VPS apps — but it asks you to paste very sensitive secrets (SSH passwords/private keys, DB and SMTP credentials) into the chat. Do not paste private keys or passwords into a chat window. Instead: (1) use the recommended OpenClaw node pairing flow so the agent connects securely, (2) or have the agent produce a shell command you run locally (so credentials never leave your machine), (3) manually inspect the full assets/SetupOrion.sh file before running it (search for network endpoints, credential storage, or unexpected remote calls), (4) if you must grant SSH, create a temporary, limited user or ephemeral key with minimal privileges and revoke it after use, and (5) view SKILL.md in a raw/plain-text editor to check for hidden unicode control characters. If you want, I can help review the full SetupOrion.sh for suspicious network calls, credential exfiltration, or persistence behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk973g45xnt4szb211qbzr1zh6980w61w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments