Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Config Tracker

v1.0.2

Automatically tracks and commits changes to the OpenClaw configuration and key workspace markdown files, with no manual steps required.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code and SKILL.md align with the stated purpose: it scans workspace markdown files and ~/.openclaw/openclaw.json and auto-commits changes. However, the package metadata earlier claimed 'required binaries: none' / 'instruction-only', while the shipped code clearly runs git commands and is non-trivial JavaScript. git should be declared as a required binary, and the 'instruction-only' tag is inaccurate.
Instruction Scope
Runtime instructions and implementation focus on git operations (git status, add, commit) and on two locations: workspaceDir and ~/.openclaw/openclaw.json, which is consistent with the SKILL.md. The plugin auto-initializes git repositories and commits without user action (including creating .git in your home or workspace). This stays within the stated scope but grants the skill broad read/write access to those paths and can create many commits.
Install Mechanism
There is no install spec and the SKILL.md asks you to copy the directory into your skills folder — consistent with a local plugin. No remote downloads or package installs are performed. That said, the presence of code files means this is not purely 'instruction-only' as the registry summary implied.
Credentials
The skill declares no required env vars (which is reasonable), but it relies on the git binary without declaring it. More importantly, it will read and commit files from ~/.openclaw and workspace markdowns which may contain sensitive tokens or configuration. The code does not push to remote by itself (no git push observed in provided code), but if a remote exists in those repos, committing can make secrets easier to expose if the repo later gets pushed. The skill also copies process.env into git child processes (normal) but does not explicitly read other env vars.
Persistence & Privilege
The skill is not always:true and is not requesting system-wide privileges. It will, however, create and manage local git repositories (.git directories) in your workspace and possibly in ~/.openclaw, and will run automatically on the before_prompt_build hook (every conversation round). That autonomous behavior combined with automatic commits increases privacy/operational impact if you don't want automatic changes recorded.
What to consider before installing
This skill does roughly what it says — auto-detecting and committing changes to OpenClaw config and specified workspace markdown files — but take precautions before installing:

- Inspect the full source (you've got it) to confirm there is no 'git push' or remote upload behavior in the truncated portion; if you want, provide the remaining code to re-check. The visible code does not perform network exfiltration.
- Ensure git is installed and that you are comfortable with the plugin creating .git repositories in your workspace and ~/.openclaw (it will initialize repos and create commits).
- Review which files will be tracked. If any tracked files may contain secrets (API keys, tokens, passwords), either remove them from the tracked list or add them to a local .gitignore before enabling the skill.
- Check for existing git remotes in those directories. If a remote is configured, commits could be pushed later (by other tools or manual action); consider removing remotes or ensuring they point to a private destination.
- If you want more assurance, run the plugin in an isolated environment or disable it (set enabled=false) until you're confident.

Also ask the maintainer to declare 'git' as a required binary in the metadata and to fix the metadata that called this 'instruction-only'.

If you want, I can: (a) search the truncated portion for 'push'/'remote' or other network calls if you paste it; (b) suggest a safe .gitignore and configuration to avoid committing secrets; or (c) produce a minimal checklist to harden installation.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
config-tracker.js:100: Shell command execution detected (child_process).
