Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Drission Sota Toolkit
v7.1.0Professional Web Intelligence & Automation Toolkit. Features Protocol Phantom (TLS/JA4), Local Socket Relaying, and Hardened physical gating.
⭐ 0· 253·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The name/description (web intelligence/toolkit) matches many bundled files (scrapers, relay, wrapper). However the manifest (_meta.json) claims this is a 'Minimal' scraper (v7.0.0) while the codebase and SKILL.md describe v7.1.0 with high-risk capabilities (CDP takeover, direct driver injection, local TCP/UDS relays). That mismatch (manifest vs files) is unexplained and reduces trust. Requiring google-chrome-stable, xvfb-run and dbus-launch is plausible for headless Chromium control, but several script names and behaviors (force_takeover, nuclear_option, direct_takeover) are high-privilege and go beyond 'basic search and aggregation' described in the manifest.
Instruction Scope
SKILL.md and included scripts explicitly instruct/implement actions outside simple scraping: opening local TCP relays, binding sockets, performing Chrome DevTools Protocol (Runtime.evaluate) via WebSocket, and low-level driver injection. The code intentionally executes arbitrary JS on pages via CDP and can forward/relay local traffic. Although many scripts implement gating (lockfiles, UDS handshake, human challenge), the runtime instructions and code access user filesystem (home ~/.openclaw/tmp lockfile, /tmp sockets) and expose capabilities that can run arbitrary commands in a browser context — scope is broader and higher-risk than a simple scraper.
Install Mechanism
No install spec (instruction-only) — lower risk from remote installers. A requirements.txt is present listing Python deps (curl_cffi, lxml, websocket-client, DrissionPage, requests). No downloads from arbitrary URLs are used. Still, the DrissionPage dependency and direct use of BrowserDriver indicate native/third-party modules that could deliver powerful local capabilities; installing those should be done in an isolated environment.
Credentials
Registry metadata says 'Required env vars: none' and SKILL.md asserts 'Environment variables are not used for authentication', but the code checks SOTA_NUCLEAR_CONFIRMED in nuclear_option and sets SOTA_INTERNAL_AUTH in run_protected_script. The package also requires/reads a lockfile in the user's home (~/.openclaw/tmp/sota_active.lock) and creates /tmp/.sota_auth.sock — these are undeclared config paths. The skill therefore accesses environment and filesystem locations beyond what the manifest declares.
Persistence & Privilege
always:false (no forced permanent inclusion). The SKILL.md top declares disable-model-invocation:true (gating/autonomy disabled) but the registry metadata you provided shows disable-model-invocation:false — a contradiction that affects whether the agent may invoke the skill autonomously. The code creates local sockets and writes reports/assets to an assets/ directory and can bind to 127.0.0.1 ports for relays (temporary listeners). Those behaviors are plausible for the stated functionality but warrant caution and clear gating configuration before enabling autonomous invocation.
What to consider before installing
This package contains powerful local-browser and relay tools (CDP takeover, driver injection, local TCP/UDS relay) that can execute arbitrary JavaScript inside a browser and forward local traffic. Key concerns: (1) Manifest/instruction mismatches — _meta.json claims a minimal scraper while the code implements high-risk 'nuclear' features; SKILL.md and registry disagree on disable-model-invocation. (2) Undeclared use of environment/config — code expects SOTA_NUCLEAR_CONFIRMED and a lockfile at ~/.openclaw/tmp/sota_active.lock and creates /tmp sockets, but the manifest declares no env vars or config paths. (3) High-privilege operations — Runtime.evaluate via CDP and direct BrowserDriver injection are capable of executing arbitrary payloads in the browser context and interacting with local services. Recommended actions before installing or enabling this skill: run only in an isolated VM/container; require the author to fix manifest and metadata inconsistencies (version, disable-model-invocation, declared bins/python deps, declared config paths and env vars); remove or explicitly justify 'nuclear' scripts if not needed; review and possibly delete/disable scripts that perform CDP takeover or direct driver injection; and confirm ownership/provenance of the package. If you need to trust this skill on a host, obtain explicit answers from the author about gating guarantees and demonstrable proof that the UDS/lockfile gating cannot be trivially bypassed. Additional information that would raise confidence: an updated _meta.json matching the code (including required python deps and config paths), confirmation that disable-model-invocation is enforced at registry/platform level, and documentation/tests proving the gating can't be bypassed.Like a lobster shell, security has layers — review code before you run it.
SOTAvk97aden54feq19pzaxf354dt0s82z6d8alignedvk97cw2805pfv0qzqbhp5xge1fx82ydsranti-botvk9714942h40wj8cfctzmyhbm3982yterauditedvk974dnsfms3cyh4prxskf88p0h82yx0nbugfixvk972wdsjj9hwkaks9g3sgj0bcx82z116certifiedvk971zf7h39adya5aqkjjqqvha982zg4ecleanvk97b0w92jv754rvfekgg5jg79h82z9n2completevk97anr7vywsneh317sbqyksem582yh3scryptographicvk97013c1b72mgrtap7tay0asz582ybrnenterprisevk977txm70dywtbdnrwnbrxdtsh82ze1sexperimentalvk972wdsjj9hwkaks9g3sgj0bcx82z116finalvk97cw2805pfv0qzqbhp5xge1fx82ydsrfinal-honestyvk970tmknrmz4737qrc0azhq6qn82zqx5fortressvk971zf7h39adya5aqkjjqqvha982zg4egatedvk975dnr73r9k7hwwxwttk9nted82y0k9gold-standardvk979bgpaj4j7dba5z38fm5zc9s82ze1jgovernancevk97ekvtdyhs26nskp9xdeg5gbn82zvrdhardenedvk97aden54feq19pzaxf354dt0s82z6d8honestvk974dnsfms3cyh4prxskf88p0h82yx0nhonest-releasevk97843fkeq4wrcv7rhb6wm665582yn7dlabvk97843fkeq4wrcv7rhb6wm665582yn7dlatestvk97aden54feq19pzaxf354dt0s82z6d8manual-uploadvk970tmknrmz4737qrc0azhq6qn82zqx5manual-vettedvk97843fkeq4wrcv7rhb6wm665582yn7dminimalvk974dnsfms3cyh4prxskf88p0h82yx0nmodularvk975jjf2rmdm7v4070fkqb9s9182yeqtresearchvk972wdsjj9hwkaks9g3sgj0bcx82z116safevk974dnsfms3cyh4prxskf88p0h82yx0nsentinelvk975dnr73r9k7hwwxwttk9nted82y0k9sovereignvk977txm70dywtbdnrwnbrxdtsh82ze1sstablevk97aden54feq19pzaxf354dt0s82z6d8supremevk974ez69r1k9sym7ydef7wer1s82yktfsupreme-integrityvk979bgpaj4j7dba5z38fm5zc9s82ze1jtoolkitvk9714942h40wj8cfctzmyhbm3982ytertransparencyvk97cck755hc1yk9yejxtn7nmdx82y9qrunstablevk97843fkeq4wrcv7rhb6wm665582yn7dverifiedvk97anr7vywsneh317sbqyksem582yh3szenithvk975jjf2rmdm7v4070fkqb9s9182yeqt
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🛠️ Clawdis
Binsgoogle-chrome-stable, xvfb-run, dbus-launch