Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Signal
v1.0.2
Comprehensive Signal channel integration via signal-cli. Use when you need to send messages, reactions, or handle group chat interactions in Signal, or when...
⭐ 0· 642·5 current·5 all-time
by Blake Lucas (@blake-lucas)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes a signal-cli based integration (sending messages, reactions, spawning a daemon, pairing, config writes). That purpose is coherent, but the skill manifest declares no required binary or install steps for signal-cli and no required config paths. A Signal integration would normally declare at least the signal-cli binary or an install; the omission is an incoherence.
Instruction Scope
The instructions reference reading OpenClaw configuration and USER.md to identify the owner, defaulting/falling back on global channel config, and enabling /config set|unset behavior (configWrites). They also describe auto-spawning a daemon and running signal-cli commands (sendTyping, send message, etc.). Those instructions imply reading/writing agent config and executing system binaries, but the manifest doesn't declare access to those resources.
Install Mechanism
There is no install spec (instruction-only), which is lower risk in general. However, the skill depends on an external binary (signal-cli) being present and possibly on spawning a daemon; that dependency is not declared. Lack of an install step is acceptable for instruction-only skills, but the missing declared binary is an inconsistency to be aware of.
Credentials
The SKILL.md expects knowledge of a bot account (phone number/account setting) and may read/write OpenClaw config and USER.md. Yet requires.env and required config paths are empty. The skill also defaults configWrites=true (allowing runtime config changes). Requesting no credentials in the manifest while describing behavior that needs account info and config access is disproportionate.
Persistence & Privilege
always is false (good). But defaults described in SKILL.md (autoStart=true when httpUrl unset, configWrites=true) mean the skill may spawn a daemon and write channel/agent config unless you override these settings. This is not automatically malicious, but it does grant the skill the ability to modify agent configuration if allowed — you should review/override configWrites and autoStart if you don't want that.
What to consider before installing
This skill appears to be a real Signal integration, but the manifest omits important runtime requirements. Before installing, verify these points:
1) You must have signal-cli available on the host (set channels.signal.cliPath appropriately). The skill does not declare or install it — the agent will expect the binary to exist.
2) The skill's instructions expect to read OpenClaw configuration and USER.md to determine the 'owner' and may write configuration (configWrites). If you don't want the skill to modify agent config, set channels.signal.configWrites=false and/or autoStart=false.
3) Use a separate bot phone number/account (as the SKILL.md recommends) — never reuse your personal Signal account.
4) Because the skill can spawn a daemon and execute signal-cli, run it first in a restricted or test environment and review any CLI commands it will run.
5) If you want stronger assurance, ask the publisher for a provenance link or an install script and a declared dependency on signal-cli; absence of those is why I flagged it as suspicious.
If you cannot confirm these items, do not install or grant config-write privileges.
Like a lobster shell, security has layers — review code before you run it.
latest vk972qankp0e1q2bg0ste9zzfzd81p0hw
