Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Dlp
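v1.0.0
Agent DLP - Data Leak Prevention system. Features: input protection, memory protection, tool control, output filtering, audit logging. Triggers: (1) check status (2) check input (3) check output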
⭐ 0· 38·1 current·1 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description (Agent DLP) match the documented capabilities (input/memory/tool/output guards, audit logging). However the SKILL.md repeatedly references Python binaries, a CLI, a lib/agent_dlp.py module, config/config.json and logs/ — none of which are included in the package. For a working DLP agent, those code files and/or an install step would be expected; their absence is an unexplained gap.
Instruction Scope
Runtime instructions tell the agent to run local Python scripts (python3 bin/agent-dlp, lib/agent_dlp.py), edit config/config.json, and view logs. Those steps require file-system access and executable code that aren't present. The doc also includes examples that reference dangerous commands (e.g., check_tool with rm -rf /), which could encourage executing or approving high-risk operations if code were supplied — the instructions therefore expand scope beyond passive checking.
Install Mechanism
No install spec is provided (instruction-only), which lowers the risk of hidden downloads. At the same time, the lack of an install or included code is inconsistent with the documented CLI and library — this uncertainty is concerning because it prevents verification of what would actually run.
Credentials
The skill declares no required environment variables or credentials, which is proportionate for a local DLP helper. The rules list many sensitive patterns (AWS keys, tokens, etc.) that the DLP would detect; that is expected for a DLP product and does not itself indicate overbroad credential access.
Persistence & Privilege
always is false and model invocation is not disabled (platform defaults). The SKILL.md suggests editing its own config and writing audit logs under logs/, which is reasonable for a DLP tool, but because no code/files are present we cannot verify file-scoping or whether it would try to modify other system areas or other skills' configs.
What to consider before installing
This package reads like documentation for a DLP tool but ships no code or install steps — that's the core red flag. Before installing or enabling this skill:
1) Request the source repository or packaged code and verify that bin/agent-dlp, lib/agent_dlp.py, config/config.json and logs/ exist and match the SKILL.md.
2) Inspect the actual code for any network calls, hidden endpoints, or commands that could execute system-level operations (the README example referencing 'rm -rf /' is particularly risky).
3) Prefer skills with a public homepage, source repo, release hashes, or an install spec from a known registry.
4) If you must test, run it in a restricted sandbox with no access to sensitive files or credentials.
Additional information that would change this assessment to 'benign': included source code matching the SKILL.md, an install spec from a trusted source, and clear limits showing it only reads/writes its own directory and does not exfiltrate data.
Like a lobster shell, security has layers — review code before you run it.
latestvk97e0ayhdvkt04kp1wehv26ead84skyf
