Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Asf V4

v1.5.2

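ASF V4.0 industrial-grade enhancement module - governance gates + cost model + security optimization. Provides industrial-grade capabilities such as veto enforcement, proof of ownership, economics scoring, rework risk prediction, and safe online optimization.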

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (governance, veto, ownership, economics) align with the code and the listed tools/integrations (memory, agent status, security audit). However SKILL.md metadata says no install steps but the package includes package.json, TypeScript code, benchmark and script files and documentation that instruct running npm/npx/ts-node and bash scripts — so the declared minimal runtime (empty install list) is inconsistent with what the repository actually contains and what the docs expect.
!
Instruction Scope
The runtime docs and other guides instruct executing local scripts (scripts/security-audit.sh), running npx ts-node benchmarks, editing ~/.openclaw/openclaw.json, and optionally using ClawHub publish APIs (curl with CLAWHUB_TOKEN). The skill's code also exposes functions that write to OpenClaw memory and extend agent status (openclaw.memory.write, extendAgentStatusWithKPI, addVetoCheck). Those capabilities are reasonable for a governance tool, but the instructions ask for filesystem and agent-state changes and running arbitrary local scripts without a declared install process — this gives the skill broad discretion over agent-local state and execution, so review of the actual code (especially scripts/security-audit.sh and integrations/*.ts) is recommended before use.
!
Install Mechanism
SKILL.md declares an empty install list while the repository contains package.json, TypeScript source, and docs that expect npm install / npx ts-node / npm run build. Lack of an explicit install spec (and no declared required binaries beyond Node >=20) is an inconsistency: users will likely need to run npm install or otherwise build the code to use it. That missing explicit install makes accidental execution of unreviewed code more likely.
Credentials
The skill declares no required environment variables or credentials, which matches most runtime behavior. However documentation includes examples that use CLAWHUB_TOKEN (for web/API publish examples) and asks users to run clawhub login — these are publishing/user-actions not runtime credentials, but they are present in repo docs without being declared. The skill's integrations allow writing to agent memory and agent status (sensitive local state) but do not request external secrets — this is proportionate for a governance/agent integration tool if you trust the code, but it still grants access to internal agent data and state.
Persistence & Privilege
always:false (good). The skill includes code to integrate with OpenClaw internals (Memory, Agent Status, Security Audit) and docs show modifying ~/.openclaw/openclaw.json to enable the skill; these are expected for a skill that extends the agent. Because the skill can read/write agent memory and register checks, installing it grants it non-trivial local privileges — this is not automatically malicious but should be considered before enabling in production.
What to consider before installing
What to check before installing or enabling:
- Inspect the code before running: review integrations/* (memory-extension.ts, agent-status-extension.ts, security-audit-extension.ts) and scripts/security-audit.sh for any network calls, credential reads, or unexpected shell commands.
- Don’t run publishing scripts with your real ClawHub credentials or CLAWHUB_TOKEN until you trust the package; the docs include curl examples that require a token.
- The SKILL.md metadata says no install steps, but package.json and README show you must run npm install / npx ts-node / npm run build. Treat that as a signal to run builds/tests in an isolated environment (container or VM) first.
- Pay attention to agent-memory and agent-status access: this skill is designed to write/read OpenClaw memory and extend agent state — if your agent stores sensitive data, audit the code paths that handle memory entries and logs.
- Run the included security-audit.sh and the unit/bench tests locally in a sandbox to validate claims, and search the code for outbound network endpoints or hardcoded URLs before enabling in production.

If you can't perform a code review yourself: run the skill in an isolated test agent with no access to production data and no network egress, confirm behavior, then decide whether to enable it more widely.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/security-audit.sh:52: Dynamic code execution detected.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cetg2cf21b851yrqz6xc32584ckz4
