Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Matrix Mentions Patch

v1.1.0

Use when a user reports Matrix @mentions not working, notifications not triggering, asks to fix/update the mentions patch, or asks to install/apply the patch...

0· 63·0 current·0 all-time
by Fang, Chao (@biociao)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description match the included script: it locates OpenClaw's distributed JS and injects mention-handling logic. No unrelated credentials, network calls, or external endpoints are requested. Minor inconsistency: SKILL.md's 'Patch Status Check' greps a TypeScript source file under extensions/src (formatting.ts), while the script actually modifies compiled auth-profiles-*.js in OpenClaw's dist/. That is plausible (source versus compiled output) but could confuse users if their installation layout differs.
Instruction Scope
Instructions are narrow and explicit: run the included Node script, restart the gateway, and verify. They correctly tell the user to apply the patch only when requested. The script modifies files under global node_modules (OpenClaw's dist), which is within the stated purpose but is a system-level change that requires write privileges. Because the SKILL.md status check and the script target differ (TypeScript source versus compiled dist), the check can report the patch as present when the compiled file was never modified.
Install Mechanism
No external downloads or installers: the skill is instruction-only plus a local Node script. The script uses fs and child_process, but only for local operations (listing directories, resolving the global module path with npm root -g, and copying/writing files). This is low-risk compared with remote downloads.
Credentials
The skill requests no environment variables, credentials, or external tokens. It does assume a Node runtime and access to global node_modules (may require elevated privileges), which is reasonable for a file-patching script.
Persistence & Privilege
The script makes persistent, system-wide edits to OpenClaw's distributed JS files and requires write permission to node_modules (potentially root). That is expected for a patch, but it is privileged: a faulty patch could break the gateway, and an OpenClaw update may overwrite the change, after which it must be re-applied. The skill does not run autonomously by default, but the persistent modification is significant and should be applied with caution.
What to consider before installing
- The code does what it claims (adds mention extraction and attaches m.mentions) and does not phone home or require secrets, but it modifies core OpenClaw files in your global node_modules: you need write permissions and the change is persistent.
- The patch is brittle and its implementation has a defect: the injected formatting function references escapeRegex (used in the replacement), but the script does not insert an escapeRegex definition into the patched file, so the patched code will likely fail at runtime (a ReferenceError when the injected code is called). The script also matches specific compiled strings; if your OpenClaw build differs, the patch may fail or silently do nothing.
- Recommended steps: (1) inspect the script yourself; (2) back up the target file (the script already creates a .bak, but keep an external copy); (3) test on a staging instance first; (4) if you proceed, confirm the Node global path and permissions (the script assumes certain paths and falls back to npm root -g); (5) consider modifying the script to also insert a safe escapeRegex implementation into the target file, or adjust the patching logic to match your build.
- If you are unsure, ask the maintainer for an upstream fix or a proper plugin update instead of in-place patching.
patch-matrix-mentions.mjs:23
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.


latest · vk9781tz3thhtrvy291w8adfxwh83wctj

