Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
fofamap
v1.0.0
Use this skill when the user wants FOFA-based asset discovery, host profiling, distribution statistics, icon_hash generation, query refinement after zero-res...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw verdict: Benign (high confidence)
Purpose & Capability
Name/description, required binaries (python3), and required env vars (FOFA_EMAIL, FOFA_API_KEY) match the script's behavior. The script calls FOFA API endpoints, produces exports, and implements icon-hash and alive-check logic that the skill advertises.
Instruction Scope
SKILL.md and the script remain focused on FOFA workflows. However, the helper can perform network probes against target hosts (alive-check, icon-hash) and can suggest or trigger follow-up scanning (nuclei) in project mode. The documentation explicitly advises gating active scans and asking for consent; operators should enforce that before invoking active validation.
Install Mechanism
No install spec is present (instruction-only packaging with a shipped Python script). Nothing is downloaded or executed during install; runtime actions are limited to the included script and standard Python libraries.
Credentials
Only FOFA-specific credentials are required (FOFA_EMAIL, FOFA_API_KEY) and optional FOFA_BASE_URL/FOFA_TIMEOUT — these are proportionate to calling the FOFA API. No unrelated secrets or system credentials are requested.
Persistence & Privilege
The skill is not forced-always. It allows autonomous invocation (the platform default) but does not request elevated or persistent system privileges nor modify other skills' configs. The script writes exports and reports only to local files when explicitly run.
Assessment
This skill appears coherent for FOFA-based recon. Before installing or invoking it:
1) Only provide FOFA_EMAIL/FOFA_API_KEY if you trust the skill and the FOFA account — these credentials are sent to the FOFA_BASE_URL endpoints.
2) Be aware that running --alive-check or icon-hash will make network requests to discovered hosts (lightweight probes).
3) The tool can suggest or run active scanners (nuclei) in project mode; do not allow those actions without explicit authorization and scope limits.
4) Because it runs as a Python script, consider executing it in a controlled environment (container or VM) if you are concerned about data leakage or accidental active testing.
The code and docs include explicit gating for active scans and use only FOFA-related env vars, which supports the declared purpose.
Runtime requirements
🗺️ Clawdis
Bins: python3
Env: FOFA_EMAIL, FOFA_API_KEY
Primary env: FOFA_API_KEY
