Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

BioLIMS SKILL

v1.0.0

Call Bio-LIMS system APIs to manage orders, sample receiving, and experiment templates, including querying, creating, updating orders, sample receive managem...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal · Suspicious
OpenClaw · Suspicious (medium confidence)
Purpose & Capability
The name, description, SKILL.md, many templates, and the large biolims.mjs script all align with a Bio-LIMS integration (orders, receives, templates). However, the repository also contains files that are unexpected for a pure LIMS API client (notably scripts/biolims-openai-server.mjs and many auxiliary shell/python scripts). Those files could be legitimate developer tooling, but they are not explained in SKILL.md and therefore are an unexplained capability.
Instruction Scope
SKILL.md instructs the agent to run the provided scripts/biolims.mjs to call LIMS APIs and states token login/refresh is automatic. The instructions reference many template files and local script paths (e.g., /home/biolims/.openclaw/...), and implicitly rely on local state (.biolims-auth.json). The instructions do not direct reading unrelated system files, but they are vague about where the server URL and credentials come from and do not mention the extra helper scripts (openai server, encrypt_password.py).
Install Mechanism
No install spec is provided (instruction-only from the registry), so nothing is automatically downloaded or executed by the installer. The risk surface comes from the included scripts being executed at runtime, not from an installer fetching remote code.
Credentials
The skill declares no required environment variables or primary credential, yet it claims automatic token auth and ships a .biolims-auth.json file and an encrypt_password.py helper. That is a mismatch: it's unclear how credentials or base server URL will be provided/secured. The presence of an 'openai' server script is a red flag because it could enable communication with external services (OpenAI or other endpoints) that are unrelated to core LIMS functions; the SKILL.md does not mention sending data to external LLM services or requiring API keys.
Persistence & Privilege
The skill's always flag is false and the skill is user-invocable. There is no declared attempt to modify other skills or system-wide agent configuration in the visible instructions. The scripts do persist auth to a local .biolims-auth.json file (expected for token caching), but that file is scoped to the skill.
What to consider before installing
This package largely looks like a real Bio-LIMS client, but there are a few unexplained or surprising elements you should verify before enabling it:

1) Inspect scripts/biolims-openai-server.mjs and any files that mention 'openai' or external APIs. Understand whether the skill will contact external LLM services or third-party endpoints and what data it would send. If it does, make sure you are comfortable with that data leaving your environment.

2) Confirm how authentication and the base server URL are provided and stored. SKILL.md promises automatic token login/refresh, but the package declares no required environment variables. Find where the server address, credentials, or API keys are configured (look in biolims.mjs, biolims.sh, encrypt_password.py, and .biolims-auth.json). Do not rely on automatic behavior until you confirm credentials are stored securely and will not be exfiltrated.

3) Audit any helper scripts that run shell commands (the .sh files) and encrypt_password.py for unsafe operations (child_process, remote downloads, exec, network calls). Because there is no install step, the runtime scripts will be executed by the agent — inspect them first.

4) If you only want basic read-only queries, consider running the main script manually in a sandboxed environment (with no access to secrets or outbound network) to observe its behavior, or ask the author for a minimal 'read-only' mode and for explicit documentation of all external endpoints contacted.

5) If you cannot inspect the code or confirm endpoints, treat this skill as untrusted and avoid granting it access to production credentials or sensitive patient/sample data.

If the maintainer can provide a short security note explaining the purpose of biolims-openai-server.mjs, where credentials are stored, and an explicit list of external hosts contacted, that would likely change this assessment to benign.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

scripts/biolims-openai-server.mjs:29 · Shell command execution detected (child_process).
scripts/biolims-server.mjs:23 · Environment variable access combined with network send.
scripts/biolims.mjs:283 · Environment variable access combined with network send.
scripts/create_receive.mjs:10 · Environment variable access combined with network send.
scripts/scan-sample.mjs:12 · Environment variable access combined with network send.
! scripts/biolims.mjs:303 · File read combined with network send (possible exfiltration).
! scripts/create_receive.mjs:18 · File read combined with network send (possible exfiltration).


latest · vk971htrrzctkakkde96s18azn183k8vq
