Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Setup Automatik
v1.0.0
Facilitate the installation and management of VPS solutions using the Setup Automatik engine (powered by Orion Design). Use when the user wants to install, configure, or manage tools like Traefik, Portainer, Chatwoot, N8N, and other open-source applications on a Linux VPS.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (VPS installer for Traefik, Portainer, N8N, etc.) align with the included assets: a tool list, a Python helper to list tools, and a large SetupOrion.sh installer. The large embedded installer and references to deploying via Portainer are coherent with the stated purpose. The presence of functions that interact with Portainer (and prompt for Portainer credentials) is expected for some automated deployments.
Instruction Scope
The SKILL.md explicitly instructs users to provide either an OpenClaw node pairing code via chat or full SSH access (IP, username, password or private key). Asking users to paste SSH private keys or passwords into chat is high-risk. The skill also says it will extract and execute blocks from the supplied SetupOrion.sh or run the script non-interactively — meaning it can run arbitrary commands on the VPS. The SKILL.md also contains unicode-control-chars (prompt-injection) signals, which is suspicious because it may be trying to manipulate evaluation or the agent's behavior.
Install Mechanism
There is no formal install spec (instruction-only), but the bundle includes a ~1.2 MB SetupOrion.sh script that will be executed by the agent/installer. Large bundled installers are not inherently malicious, but they increase risk because they execute many operations and often fetch additional resources from the network. The script references the project site and likely performs network operations; the reviewer should inspect the full script for remote downloads (curl/wget/git), subprocess execution, or telemetry calls before execution.
Credentials
The skill declares no required env vars, which is consistent, but its runtime instructions ask users for highly sensitive credentials (SSH password or private key and optionally Portainer credentials). These are functionally required to perform remote installs, but they must not be pasted into chat. Requesting Portainer credentials to perform API deploys is plausible, but the skill gives no guidance on scoping these credentials (temporary user, limited privileges).
Persistence & Privilege
The skill does not request 'always: true' and has no declared config-path or system-wide changes in the metadata; that is appropriate. The embedded script writes data under $HOME/dados_vps and may modify system packages/services as part of installations (expected for an installer). The default ability for the agent to invoke the skill autonomously (disable-model-invocation=false) combined with the credential requirements increases the potential blast radius, so enable careful operational controls (explicit user confirmation) if you allow autonomous runs.
Scan Findings in Context
[unicode-control-chars] unexpected: Unicode control characters were detected in SKILL.md; such markers are not needed for an installer instruction file and can be used in prompt-injection attempts to influence evaluation or parsing. This is unexpected and worth manual inspection of the SKILL.md content for hidden characters.
What to consider before installing
This skill appears to be a legitimate VPS installer bundle, but treat it like running any third-party installer script: do not paste SSH private keys or root passwords into chat. Prefer the OpenClaw node-pairing flow (recommended) rather than sending credentials. Before running anything, manually review the full assets/SetupOrion.sh script (search for curl/wget/git/ssh/netcat, remote URLs, or commands creating users and SSH keys). If you must run it, (1) test on an isolated disposable VPS or VM, (2) create a temporary unprivileged user or restrict credentials (least privilege), (3) avoid sharing private keys in the chat — instead use a secure pairing or ephemeral credential, and (4) consider running the script interactively yourself after inspection rather than giving the agent autonomous access. If you want, provide the full SetupOrion.sh for a focused review of any network calls or potentially dangerous commands — that would raise or lower confidence in this assessment.
