ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Delta Disclosure Auditor

v1.1.0

Helps verify that skill updates publish an auditable record of what changed — catching the gap between "the registry shows the new version" and "anyone can s...

0· 547·0 current·0 all-time
by@andyxinweiminicloud
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name and description describe auditing published deltas; requesting curl and python3 is consistent with fetching registry endpoints and parsing/verifying signed deltas. There are no unrelated binaries, env vars, or config paths declared.
Instruction Scope
The SKILL.md is an instruction-only runtime spec (no code files). The visible portions describe examining registries, parsing deltas, checking signatures and hash chains — all within scope. However, because the skill will instruct the agent to fetch remote manifests and likely to run python-based verification, you should inspect the full SKILL.md to confirm it does not direct the agent to execute arbitrary code downloaded from publisher-controlled URLs or to read unrelated local files. If the instructions tell the agent to run publisher-supplied scripts or to pull verification keys from untrusted endpoints, that would be a concern.
Install Mechanism
No install specification and no code files — lowest disk/write impact. The skill relies on system-provided curl and python3 only, which is proportionate to its purpose.
Credentials
No environment variables, credentials, or config paths are required. This is appropriate for a read-only auditor. One caveat: delta verification requires authoritative public keys or trusted registry metadata; if the instructions obtain keys from arbitrary publisher URLs (not a trusted keyserver or registry-signed record), that would reduce trustworthiness.
Persistence & Privilege
always is false, agent invocation is allowed (default) and appropriate. The skill does not request persistent presence or cross-skill configuration changes in the declared metadata.
Assessment
This skill is coherent with its stated goal and appears low-risk based on the metadata (no installs, no secrets). Before installing, review the full SKILL.md to confirm: (1) where it fetches public keys used for signature/chain-of-custody checks — prefer keys anchored to a trusted registry keyserver or registry-signed metadata rather than publisher-controlled URLs; (2) that it only fetches manifests/deltas and does not instruct the agent to download and execute arbitrary publisher-supplied scripts or archives; (3) the exact outbound endpoints it will contact (registry endpoints) so you can control egress or run the skill in a sandbox; and (4) how it treats incomplete or unsigned deltas (ensure it fails safe and does not auto-approve updates). If the SKILL.md contains commands that execute remote code or requests credentials, reconsider or run it in an isolated environment. My confidence is medium — I would raise to high if you confirm the SKILL.md never tells the agent to execute remote, publisher-supplied code and the verification keys are obtained from trusted, immutable sources.

Like a lobster shell, security has layers — review code before you run it.

latestvk97714x36ys0jy75dbazckj6xd81vzpf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📝 Clawdis
Binscurl, python3

Comments