Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Claw Ethics Checker

v1.0.1

Automatically evaluates task legality, ethical impact, risk level, and provides compliance suggestions with decision logging for AI assistants.

by SkilledClaw @betsymalthus
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious, medium confidence
Purpose & Capability
Name, SKILL.md, examples, package.json and the visible Python code all describe an ethics/compliance checker. The included tests, examples, and API match that purpose. There are no unexpected required binaries or credentials declared.
Instruction Scope
SKILL.md instructs the agent to load and use the EthicsChecker API and shows integration patterns (automatic pre-check, logging, requiring human review). The instructions are limited to task analysis and local recording. Note: examples and INSTALLATION.md show optional notification settings (email, slack_webhook) and log file configuration — if configured, these could send or persist decision data externally. The runtime instructions do not autonomously collect system secrets.
Install Mechanism
No install spec was included (instruction-only), and package.json provides only usual metadata and an innocuous 'install' script. The repository and homepage are referenced but the skill package itself contains no remote download/install steps. This is low-risk from an installer perspective.
Credentials
The skill declares no required environment variables or credentials. However INSTALLATION.md and SKILL.md document optional environment variables and config entries (e.g., CLAW_ETHICS_RISK_THRESHOLD, CLAW_ETHICS_LOG_FILE, slack_webhook, email) — these are optional but could be used to transmit logs/notifications if the operator configures them. There is no mandatory secret exfiltration requested.
Persistence & Privilege
The skill does not request always:true and does not claim to modify other skills' configuration. It writes logs only to its own in-memory decision_log and provides an export_decision_log(filepath) method to write logs to disk. The default log file locations suggested in the docs may require write permission but do not imply elevated privileges.
What to consider before installing
This skill appears to implement an ethics-checking utility and asks for no credentials, which is coherent with its purpose. Proceed cautiously because:

1) The provided claw_ethics_checker.py content in the package was truncated, so the remaining unseen code could contain additional behavior (network calls, remote endpoints, or telemetry). Verify the full source before installing.
2) The docs show optional notification/webhook and log-file configuration; if you enable a slack_webhook, email notifications, or set a log file path that an external process reads, decision data could be sent outside your environment.

Recommended actions before install: inspect the complete Python file(s) for network I/O (requests, urllib, socket, or subprocess calls), confirm the true upstream repository (clone from a trusted repo or vendor), and if you enable notifications, review where logs/notifications are sent and sanitize any sensitive task data prior to sending.

Like a lobster shell, security has layers — review code before you run it.
