Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Obscure Package Master
v1.0.0
Use this skill if your uncertainty with a package's API is > 5% to create a deterministic, versioned mirror of the package repo with a built-in coordinate sy...
by Amber Malpas (@amberlee2427)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (creating a deterministic, versioned local mirror/grep-map of a Python package) matches the behavior of the included generate_mirror.py: it downloads a package, extracts source, parses AST, writes a .skills/<package>-<version> directory with references and SKILL.md. Requesting provider-specific paths via env detection is consistent with installing the generated skill into a provider's skills folder.
Instruction Scope
SKILL.md and the script instruct the agent to download packages from PyPI, extract archives, and write files into the agent's skills directory. The code also inspects environment variables (provider API keys and AGENT_SKILLS_PATH) not declared in the skill metadata. While provider detection is plausible, the script's behavior grants it filesystem write access to a skills directory and reads many environment variables beyond the metadata.
Install Mechanism
No install spec (instruction-only) but the package includes a runnable Python script that performs network downloads and archive extraction. The script calls `pip download` (expected) and then uses tarfile.extractall() and zipfile.extractall() without path-sanitization—this is a known path-traversal/unsafe-extraction vulnerability that can write files outside the intended tmp dir. The script writes generated skill directories into provider/agent skill paths, which is powerful and persistent on disk.
Credentials
The skill metadata lists no required env vars, but SKILL.md and the script probe many provider API key env vars (ANTHROPIC_API_KEY, CLAUDE_API_KEY, GEMINI_API_KEY, OPENAI_API_KEY, CODEX_API_KEY, GITHUB_COPILOT_TOKEN, AGENT_PROVIDER, AGENT_SKILLS_PATH). Reading those secrets to detect provider is not strictly necessary for mirroring a PyPI package and is disproportionate without explicit declaration; the script does not exfiltrate them but will observe them if present.
Persistence & Privilege
The script intentionally writes a new skill into the agent's skills directory (e.g., ~/.openai/skills or ./.skills). This is consistent with the stated goal (generate a local skill), but it means the skill will create persistent files in agent-managed locations and could overwrite or clutter the skills folder. 'always' is false and the skill does not auto-enable itself across agents, but filesystem persistence is present.
What to consider before installing
This tool appears coherent for creating local mirrors of Python packages, but take precautions before running it:
- Review and sandbox: Inspect the generate_mirror.py source yourself (it's included). Prefer running it in an isolated environment (container, ephemeral VM, or a throwaway account) so its filesystem writes and network downloads can't affect important data.
- Archive extraction risk: The script uses tarfile.extractall() and zipfile.extractall() without sanitizing paths—malicious or malformed archives could write files outside tmp_download. Don’t run it on untrusted packages without adding safe extraction checks.
- Environment probing: The script checks many provider API key environment variables (OpenAI/Gemini/Anthropic/Copilot). It doesn't appear to send them anywhere, but it will observe them. If you’re uncomfortable, run with those env vars unset or in a restricted environment.
- Network trust: The tool uses pip to download source distributions from PyPI. If you mirror packages you don’t control, ensure you trust the package/version (supply pinned versions you reviewed). Consider using an internal package proxy/mirror if you have one.
- Check generated content: After running, inspect the newly created .skills/<package>-<version>/references and SKILL.md before allowing an agent to use them. Make sure no unexpected files were created and no existing skills were overwritten.
If you want to use this skill, consider patching the script to implement safe archive extraction (sanitize file names), and to avoid scanning for provider API keys unless explicitly requested.
