Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Openclaw Admin
v1.0.0
Manage and inspect the OpenClaw multi-agent gateway — list agents, check model health, view routing rules, manage crons, inspect context budgets, and run sys...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to be a gateway admin tool, and its commands (reading openclaw.json, routing/crons/triggers, listing agents, checking Ollama models) are consistent with that purpose. However, the registry metadata declares no required binaries or env vars, while the SKILL.md repeatedly invokes python3, bash, npx, and ollama. Those are effectively required but not declared, which is a mismatch.
Instruction Scope
The instructions direct the agent to read multiple config files (../openclaw.json, config/*.json), which is expected, but path handling is ambiguous: SKILL.md gives contradictory locations for openclaw.json, such as ../openclaw.json and ../../openclaw.json. The skill also tells the agent to run 'bash ./status.sh' (an arbitrary script in the repo) and to run 'npx thepopebot' for a restart; executing those could run any code. There are no steps that exfiltrate data externally, but running unknown scripts is a real risk.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so nothing will be written to disk by an installer. That minimizes install-time risk.
Credentials
The skill declares no required environment variables or credentials (reasonable for a local admin helper). However, it references executables (python3, ollama, npx, bash) and file paths outside the immediate skill directory (parent directories), which implies it needs filesystem and runtime access that was not documented in metadata. Access to parent directories could expose unrelated sensitive files if run with broader privileges.
Persistence & Privilege
always is false and the skill does not request persistent presence or attempt to modify other skills or system-wide agent settings. It does recommend running npx thepopebot to restart/hot-reload, but that is an operational instruction rather than a capability the skill itself claims.
What to consider before installing
Before installing or invoking this skill:
1) Inspect the SKILL.md yourself and confirm the exact path to openclaw.json (the file location is inconsistent in the document).
2) Be aware the skill expects to run python3, bash, npx, and possibly ollama even though the registry metadata lists no required binaries — ensure those tools are present and you trust them.
3) Do NOT run any commands that execute repository scripts (e.g., ./status.sh) until you open and review those scripts' contents; they can run arbitrary code.
4) Limit the skill's permissions or run it in a sandboxed environment if possible, because it reads parent directories and config files that may contain sensitive data.
5) If you plan to use this in production, ask the publisher to correct metadata (declare required binaries), clarify the canonical config path, and explain why jq is disallowed and python3 mandated.
If you cannot verify these issues, treat the skill with caution.
Like a lobster shell, security has layers — review code before you run it.
latest vk970mhk76msc725j6gjpbsd9ds834fwm
