Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
LLM Provider Forensics
v1.3.1
Forensically verify what model family or routing layer may actually sit behind a claimed LLM endpoint or model ID. Use when an agent must investigate whether...
by Andy Ren (@andyrenxu7255)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name, description, references, and code align: it's a network probing/forensics tool for LLM endpoints and implements OpenAI/Anthropic/Gemini/etc. probes. This capability legitimately needs network access and provider keys. However, the registry metadata declares no required config paths or credentials, while both the preferred-execution example in SKILL.md and the script accept a config file and provider API keys. This undocumented mismatch is worth noting.
Instruction Scope
SKILL.md and the 'preferred execution' example instruct running the included Python script with a --config path (example: /root/.openclaw/openclaw.json) and provider lists. That implies reading agent/system config containing provider API keys. The script runs many probes and returns raw previews of responses; those responses could echo sensitive info. The deep-tests include an explicit 'refusal_probe' prompt asking for instructions to bypass a commercial paywall — a test that can elicit wrongdoing content from targets and therefore needs human review or sanitization.
Install Mechanism
No install spec; skill is instruction + a bundled script. No external downloads or package installs are requested, so there is low installation risk from supply-chain or arbitrary code fetching. The bundled script will run on the agent's host if executed.
Credentials
Registry metadata lists no required env vars or config paths, but the script expects API keys/base_urls (either via CLI or a config file). That means the skill can access provider credentials if given a config path or CLI args — credentials are proportional to the task but their use is not declared. Also, script output fields (raw_preview) may include fragments of responses that could contain secrets; the skill does not document redaction or safe handling of those values.
Persistence & Privilege
Skill is not marked always:true and does not request any special persistent privileges. Autonomous invocation is permitted (default) but this is normal for skills. No evidence the skill modifies other skills or system-wide agent settings.
What to consider before installing
This skill appears to implement the advertised forensic probes, but review and mitigate before running:
1) Do not point it at your live agent/system config file containing real API keys; run it with a disposable test config or pass only explicit test credentials.
2) Inspect the script to see exactly how it reads the --config path and what it logs/returns (it includes raw_preview fields that may leak tokens).
3) Remove or neutralize dangerous deep probes (e.g., the 'bypass paywall' prompt) if you don't want the agent to solicit wrongdoing or store such outputs.
4) Run the tool in an isolated/test environment (no access to production secrets or sensitive networks) until you are comfortable with its behavior.
5) If you need higher assurance, request the full script review (untruncated) and confirm whether it reads/writes any unexpected files or transmits data to third-party endpoints beyond the probed providers.
Like a lobster shell, security has layers — review code before you run it.
