Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Cancorteaw App
v0.1.1
Manage Expo React Native apps on OpenClaw: create apps, add screens, start web previews on localhost, and check preview status safely within /home/patron/apps.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (Expo/React Native app runner) align with the documented actions (create app, add screen, start preview). However the skill.json entrypoint runs /home/patron/apps/_bin/appctl on the host — a script outside the skill bundle — so the runtime behavior depends entirely on that external script's contents rather than the packaged skill.
Instruction Scope
SKILL.md describes file writes under /home/patron/apps, running npx/create-expo-app and npx expo start (which will download packages), creating pids/logs, and recommends kill commands. It also claims an allowlist and path constraints, but those are descriptive only: the skill provides no enforcement mechanism. Because the agent will execute the host script, that script could read or modify other files or run arbitrary commands if tampered with.
Install Mechanism
Instruction-only skill with no install spec and no bundled code — lowest install risk. The runtime still invokes npx/npm which downloads packages from the network when creating or running projects (expected behavior for Expo development).
Credentials
The skill declares no required env vars or credentials. SKILL.md notes EXPO_PORT (optional) and sets EXPO_NO_TELEMETRY in preview — these are proportional to the stated functionality and do not request secrets.
Persistence & Privilege
always:false (good), but the skill's entrypoint executes a host-local script (/home/patron/apps/_bin/appctl). Because the script is not bundled or validated, an attacker with write access to that path could make the skill execute arbitrary code. The skill also creates processes, pid files, and log files under /home/patron/apps which could be abused if the runner script is malicious or compromised.
What to consider before installing
This skill appears to do what it says (manage Expo apps), but it relies on executing /home/patron/apps/_bin/appctl, a script that is not included in the skill. Before installing or enabling it:
1) Inspect the file /home/patron/apps/_bin/appctl (and ensure it is the intended, auditable script).
2) Verify file ownership/permissions so untrusted users cannot replace it.
3) Confirm the host user account that will run the skill is non-privileged and that /home/patron/apps is writable only by trusted accounts.
4) Be aware that npx/npm will download packages from the network (supply-chain risk); consider restricting network access or running in an isolated environment.
5) If you cannot review or lock down appctl, treat the skill as risky because it can execute arbitrary commands on the host.
latest: vk97902evxxy15yh7qamt3jbnpn81pq1f