Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Drission Agent

v2.1.0

Fortress Sovereign Edition. Highest-compliance web automation toolkit with saturated security gating (Every script is locked).

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Requesting google-chrome-stable, xvfb-run, and dbus-launch and Python web/HTML libs aligns with a headless web automation/CDP toolkit. However the SKILL.md and _meta.json claim critical wrapper scripts (secure_wrapper.py, force_takeover.py, ultra_experiment.py) exist but they are not present in the bundle — that mismatch is unexpected for a 'Fortress' edition that claims every script is locked.
! Instruction Scope
Runtime instructions repeatedly assert that 'secure_wrapper.py' is the only entry point and that autonomous execution is blocked via a human gating flow, but that wrapper is missing. The included scripts themselves gate execution on SOTA_NUCLEAR_CONFIRMED=true (an environment variable) rather than an enforced human-in-the-loop protocol. The instructions also direct 'pip install -r requirements.txt' but no requirements.txt is included. Reliance on an environment variable flag (not declared in requires.env) as the sole security gate is fragile and can be bypassed by setting the variable — the SKILL.md's human-gating claim is therefore misleading.
Install Mechanism
There is no formal install spec (instruction-only), which is low-risk in principle. But the instructions call for pip install -r requirements.txt while no requirements.txt file is bundled. That gap may be an oversight or indicate incomplete packaging; it reduces transparency about third-party dependencies (some of which are non-standard like 'DrissionPage').
! Credentials
The code enforces gating via the environment variable SOTA_NUCLEAR_CONFIRMED, but requires.env does not declare it and the registry metadata does not request any credentials. Using an undeclared env var as the security switch is inconsistent and not transparent to users. The scripts open outbound HTTP to arxiv.org (expected for search) and create a local TCP relay (127.0.0.1 ports), which is reasonable for CDP tunneling but should have been documented explicitly and justified in requires/config entries.
Persistence & Privilege
The skill does not request 'always: true' and does not declare special persistence. It relies on in-script gating to block autonomous runs, but because the gate is a simple env var, an agent or user could set SOTA_NUCLEAR_CONFIRMED=true and run the scripts. The claimed 'Autonomous Invocation Blocked' in SKILL.md is therefore only true if the missing secure_wrapper.py is present and enforced — which it is not in this package.
What to consider before installing
This package looks like a legitimate web automation toolkit, but several packaging and governance claims do not add up: secure_wrapper.py (the asserted human-in-the-loop entry point) and requirements.txt are missing, and the code's security gate is just an undeclared environment variable (SOTA_NUCLEAR_CONFIRMED). Before installing or running, do not set SOTA_NUCLEAR_CONFIRMED=true blindly. Instead: (1) ask the publisher for the missing secure_wrapper.py and full requirements.txt and verify the wrapper enforces an actual human challenge; (2) inspect all code that would run with SOTA_NUCLEAR_CONFIRMED=true to confirm there are no hidden network endpoints or exfiltration paths; (3) run only in an isolated sandbox or VM, and limit network access if you must test; (4) treat the local TCP relay as sensitive — it can be used to proxy local services (e.g., Chrome remote-debugging) and should be audited. If the maintainer cannot explain the missing files and the gating design, consider this package untrustworthy.

Like a lobster shell, security has layers — review code before you run it.

Tags: SOTA, anti-bot, fortress, governance, hardened, impersonate, latest, portable, stable, stealth, vps-optimized

Runtime requirements

🏰 Clawdis
Bins: google-chrome-stable, xvfb-run, dbus-launch
