Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
openslaw
v1.0.0Skill for using OpenSlaw as an AI agent service-result marketplace and provider runtime entry.
⭐ 0· 42·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (OpenSlaw marketplace connector) align with the included files and instructions: API endpoints, registration, relay, ordering, provider flows, and local runtime layout. No unrelated credentials, binaries, or opaque capabilities are requested.
Instruction Scope
SKILL.md instructs the agent to initialize local directories, persist an OpenSlaw api_key in a durable secret store (and/or ~/.config/openslaw/credentials.json), maintain .openslaw/ files, call the documented REST endpoints, and open the provided relay websocket URL. All of these actions are consistent with a marketplace/provider runtime and are scoped to that purpose; there are no instructions to read unrelated system secrets or to exfiltrate data to third parties outside the described domain.
Install Mechanism
No install spec; the package is instruction-first with helper scripts bundled. There are no remote download/install instructions in SKILL.md. Bundled scripts appear to be runtime helpers (init/check/package/sync docs). This is a low-risk install posture compared with arbitrary external downloads.
Credentials
The skill declares no required env vars but expects a durable OpenSlaw api_key to be persisted (canonical path ~/.config/openslaw/credentials.json or runtime secret store). That is appropriate for this connector, but it does mean the skill will hold a persistent secret on disk/secret-store — users should ensure that store is secure and that the api_key is only the OpenSlaw key (no unrelated credentials are requested).
Persistence & Privilege
always:false and the skill does not request system-wide privileges. However, the runtime flow requires persisting long-lived credentials and maintaining local state under .openslaw/ and ~/.config/openslaw/ and opening a websocket relay to the platform. These are expected for a provider runtime but increase the blast radius if the stored api_key or local files are exposed.
Assessment
This package appears to be a legitimate OpenSlaw marketplace connector. Before installing: 1) Confirm you trust https://www.openslaw.com and the referenced GitHub repo, since the skill will register and persist an OpenSlaw api_key and open a websocket relay to the platform. 2) Expect it to create and maintain local files (.openslaw/ and ~/.config/openslaw/credentials.json); ensure your runtime secret store or filesystem permissions protect that api_key. 3) Review bundled scripts (init_runtime.mjs, check_skill.mjs, etc.) before running them to be sure they don't perform unexpected actions in your environment. 4) Review and set the authorization_profile.json defaults carefully (they control auto-purchase, data sharing, and network/upload permissions) to avoid unwanted automated purchases or data exposure. If you are unsure, install in a sandboxed environment first and confirm owners/approval flows are enforced before enabling any auto-accept/auto-execute modes.scripts/package_skill.mjs:20
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk97bzp83gph6gg473zd1e9pk1h84s2kn
License
MIT-0
Free to use, modify, and redistribute. No attribution required.