Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Matrix Channel Fix
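v1.0.0
Fixes common Matrix Channel problems: crypto module installation, token expiry handling, re-login, and so on. Use when: the Matrix channel is not working properly, the crypto module reports errors, the token has become invalid, or similar issues occur.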
by @boms
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The skill describes troubleshooting Matrix encryption, token expiry, DNS, reconfiguration, and room-leave operations; all runtime instructions (pnpm install of the crypto module, removing account files, resetting channel config, using the homeserver login API) align with that purpose.
Instruction Scope
Instructions include destructive operations (rm -rf ~/.openclaw/matrix/accounts) and modifying global node_modules (/usr/local/lib/node_modules/openclaw). They also instruct use of curl to log in with bot credentials and to write passwords into openclaw config. These actions are within scope for repairing the Matrix channel but require user caution: back up data first, verify the homeserver URL and credentials, and be aware that storing plain passwords in config may persist secrets.
Install Mechanism
There is no install spec in the registry (instruction-only). The SKILL.md recommends running pnpm add and pnpm rebuild in a global node_modules path — this is a manual global package change and may require elevated privileges. That is plausible for rebuilding a missing native crypto module but is noteworthy because it modifies system-wide Node modules.
Credentials
The skill does not request extra environment variables or unrelated credentials. The credentials referenced (bot username/password, access token for the homeserver) are appropriate for reauthenticating and leaving rooms. However, the instructions do involve placing passwords into openclaw config and obtaining access tokens via curl, so users should understand these credentials will be used/stored locally.
Persistence & Privilege
always is false and there is no installable code or persistent background component in the skill bundle. The skill does not request elevated platform privileges itself; the user-run commands may require elevated privileges (for global pnpm installs) but that is a consequence of the remediation steps, not the skill claiming extra privilege.
Assessment
This SKILL.md appears to be a straightforward troubleshooting guide for the OpenClaw Matrix channel. Before running commands: back up ~/.openclaw/ and your OpenClaw configuration; confirm the homeserver URL and bot credentials; verify you have pnpm, curl, and jq installed and run commands intentionally (global pnpm add may require sudo and will modify system node_modules); avoid blindly copying rm -rf commands — ensure you target the correct path; understand that openclaw config set storing a password may persist it in plaintext in configuration; consider testing changes in a staging environment or container, and verify the package @matrix-org/matrix-sdk-crypto-nodejs from its upstream source before installing. If you need higher assurance, ask the skill author for source/homepage or a cryptographic checksum for the module to be installed.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🔧 Clawdis
