Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Claw Asset & Privacy Guardian
v0.1.0提供完全本地、匿名化的数字资产和隐私安全检测与监控,防止敏感信息泄露与账号劫持风险。
⭐ 0· 883·1 current·1 all-time
bySkilledClaw@betsymalthus
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
SKILL.md and README describe a local privacy & asset scanner whose primary actions are filesystem scans and anonymous reporting — that aligns with the included Python code and tests which perform local scans and anonymization. However, the manifest and docs also advertise integrations (social media audits, dark‑web monitoring, cloud services, wallet monitoring) that would require network access and credentials, yet the skill declares no required environment variables and has no clear, implemented integration hooks visible in the provided files. Also the repository contains a package.json (Node-style manifest) while the implementation is Python — an inconsistency that is not fatal but surprising.
Instruction Scope
The SKILL.md instructs broad actions: scanning arbitrary directories, auditing browser/social media privacy, monitoring wallets, and optionally monitoring dark‑web leaks. Those operations could legitimately require reading many local paths and contacting external APIs. The included code and tests demonstrate local directory scanning and anonymization, but SKILL.md gives the agent wide discretion (selective/regular scans, exclude patterns, monitor wallets) which could lead the agent to read large parts of a user's filesystem and potentially request credentials. The instructions claim 'completely local' processing, but also describe optional external integrations without specifying how credentials are provided or what endpoints are contacted.
Install Mechanism
There is no formal install spec; this is described as an instruction-only skill but code files are included. SKILL.md shows manual copy steps and references a 'clawdhub install' command — fine, but the package layout mixes Python code with a package.json. No remote downloads or extract steps are present in the provided files, which lowers install risk, but the mixing of packaging conventions is inconsistent and worth checking with the maintainer.
Credentials
The skill declares no required environment variables or primary credential, yet the docs/tests and SKILL.md show many features that would typically need secrets (cloud APIs, social media APIs, wallet monitoring, dark‑web monitoring). The test suite intentionally creates files containing AWS keys, Stripe keys, etc., to verify detection — that is expected for a scanner — but the skill does not declare or restrict how real credentials would be supplied. This mismatch (no declared envs but many credential-requiring features) is a red flag: users may be prompted at runtime to provide sensitive credentials or to link accounts without a clear, auditable mechanism.
Persistence & Privilege
The skill does not request always:true and does not declare system config paths or privileged operations. It proposes adding configuration under ~/.openclaw/config.json and stores data locally per its documentation, which is consistent with a local scanner. There is a minor concern that logging is enabled at INFO and could inadvertently leak details if anonymization isn't perfect, so inspect logs before exposing them.
What to consider before installing
This skill appears to implement a local privacy/secret scanner and anonymizer; however, there are several inconsistencies you should address before installing or giving it access to real data:
1. Code audit: review the full Python source for any network calls (requests, urllib, sockets) or hardcoded remote endpoints. The package.json lists 'requests' as a dependency; check whether the code actually calls external services and which endpoints it uses.
2. Test in isolation: run the included test suite in a disposable VM or container with only non-sensitive sample files (the tests already create dummy secrets). Do not point it at your real home or project directories until you're confident.
3. Credential policy: the SKILL.md advertises social/media and cloud integrations but the skill declares no required env vars. Ask the author how credential input is handled and where tokens would be stored; prefer OAuth or short-lived tokens and avoid entering long-lived credentials unless you inspected the code.
4. Verify anonymization: confirm anonymized reports do not contain raw secrets by checking produced reports for sample secrets and edge cases specific to your data formats.
5. Packaging mismatch: question the maintainer about the mixed packaging (package.json vs Python implementation) and how 'privacy-guardian' CLI commands are installed/registered. Ensure there is no hidden installer that downloads code at install time.
If you cannot perform these checks yourself, do not install the skill on a system containing sensitive data. Running it in a sandbox (VM/container) and limiting its filesystem access is the safest first step.Like a lobster shell, security has layers — review code before you run it.
latestvk97bagw15a3498keadr2p9f2wn80z7gy
License
MIT-0
Free to use, modify, and redistribute. No attribution required.