ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Benchclaw

v1.0.7

BenchClaw 是 OpenClaw Agent 的专业级“安兔兔”评测框架。它专注于对 AI Agent 进行多维度、 自动化的量化评估与能力基准测试,集成了任务分发、精准评分、可视化报表生成及热更新功能。 当需要量化 Agent 的推理规划、响应速度、Token 成本及安全性时使用。 **用户意图/指令*...

1· 202·0 current·0 all-time
byAntutu@antutuadmin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires OAuth tokenRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description and required binaries (python3, openclaw, pip) align with a benchmarking tool that runs OpenClaw agents and collects performance data. The code runs openclaw CLI, collects tokens/TPS/hardware info, validates answers and generates reports — all coherent with the stated purpose.
!
Instruction Scope
Runtime instructions and code cause the skill to: spawn openclaw agent subprocesses, read session transcripts and workspace files, gather system/hardware info, write temp/caller_info files, and automatically upload aggregated results to a remote API. Those actions are within benchmarking scope, but they also touch potentially sensitive local artifacts (agent transcripts, session data) and the SKILL.md promises sanitization/redaction of secrets — that sanitization implementation is not visible in the truncated files shown, so the instruction scope may permit unintended data exposure.
Install Mechanism
This is effectively an instruction + Python code package; run.sh attempts to create an isolated venv and uses pip install with --require-hashes. requirements.txt appears to contain hashes. No arbitrary remote binary download or obscure installers were observed. Overall install approach is proportionate and has safety-conscious steps.
!
Credentials
Requires no external credentials, which is reasonable. However the skill reads local OpenClaw config/workspace and session transcripts and collects hardware/env info and a persistent device fingerprint (data/cache.json). Those reads are relevant to benchmarking but can expose secrets (API keys, local paths, tokens) if redaction fails. The SKILL.md claims to redact API keys/tokens/user IDs/paths/emails before upload, but the provided source excerpts do not clearly demonstrate or audit that redaction, so requested access may be disproportionate unless sanitization is validated.
Persistence & Privilege
The skill does not request 'always: true' and limits writes to its own temp/ and data/ directories. It does persist a device fingerprint in data/cache.json to correlate runs — this is expected for anti-fraud but is a persistent identifier that could be privacy-sensitive. No other elevated privileges or modifications to other skills/system configs were observed.
What to consider before installing
Before installing or running BenchClaw, consider the following: (1) it will run your OpenClaw agent locally and read session transcripts and environment/hardware details — run it only on a test device or an environment that does not contain production secrets; (2) it automatically uploads aggregated results (encrypted) and a persistent device fingerprint to benchclawapi.antutu.com — verify the server/domain is trustworthy and review server.py/upload implementation to confirm what is sent and how data is redacted; (3) inspect the code paths that sanitize stdout/stderr and transcripts (search for 'redact', 'sanitize', or upload code) — do not rely on prose claims alone; (4) if you must run it with network disabled for safety, comment out or audit the upload call in scripts/main.py/server.py; (5) keep backups of any important local OpenClaw config and avoid running BenchClaw on machines containing API keys, real user data, or credentials; (6) the installer uses pip with hash checking (good), but still review scripts/requirements.txt and run.sh before execution. If you want, I can search the omitted files (server.py, utils.py, verification.py, session.py) for the exact sanitization and upload logic and report whether sensitive fields are actually redacted.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fayxm6hdzkttrz8vmgq518x84yctn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3, openclaw, pip

Comments