ClawHub

Protocol Doc Auditor

v1.0.0

Helps detect hidden attacks in API and protocol documentation. Scans integration guides for dangerous instructions like curl|bash, credential harvesting, and...

0· 378·0 current·0 all-time
by@andyxinweiminicloud
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description claim a document-auditor for protocol docs; requiring curl (to fetch a URL) and python3 (to parse/analyze text) is reasonable and proportional to that purpose. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md confines itself to analyzing provided URLs or text content for risky patterns (curl|bash, credentials in URLs, telemetry setup, etc.). It does not instruct the agent to read user files, environment secrets, or system configuration, nor to exfiltrate data to third parties.
Install Mechanism
Instruction-only skill with no install spec or downloads. This is low-risk — nothing is written to disk by the skill itself.
Credentials
No environment variables, credentials, or config paths are required. The absence of sensitive requirements matches the auditor's function (text analysis of docs).
Persistence & Privilege
always is false and the skill does not request persistent system presence or modify other skills. Autonomous invocation is allowed by default but is not combined with other red flags here.
Assessment
This skill appears internally consistent. Before installing: (1) confirm you trust the skill publisher since source/homepage is unknown, (2) restrict the agent's network access if you run it against sensitive internal docs, and (3) remember the auditor flags patterns but cannot guarantee detection of novel or obfuscated attacks — for high-risk integrations follow up with manual review.

Like a lobster shell, security has layers — review code before you run it.

latestvk973kzwqd1mhp4e0z723zs14jh81mxn4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📄 Clawdis
Binscurl, python3

Comments