ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

my_skill_management_skill

v1.0.1

管理和发布用户自定义技能的统一接口。强制执行“my_”前缀、统一存放目录(~/.openclaw/skills)、基于配置文件(skills.json)的智能体绑定规则,并要求本地技能变更后必须立即通过clawhub上传备份。

0· 75·1 current·1 all-time
by@canonxu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md and script clearly implement a clawhub wrapper (publish/install/search), which matches the stated purpose. However the registry metadata lists no required binaries, while the script depends on the 'clawhub' CLI being present. That omission is an incoherence: if the skill needs clawhub, it should declare that dependency or include an install step.
!
Instruction Scope
The instructions require placing user skills in a global directory (~/.openclaw/skills), editing per-agent config files (~/.openclaw/agents/{agent_name}/skills.json) to bind skills, and mandate immediate upload of any local changes to clawhub. Those are governance actions outside a single-skill scope (they modify agent configuration and move user code into a global namespace) and they explicitly create a workflow that will transmit local skill code to a remote service.
Install Mechanism
No install spec is present and the only code is a small shell helper that calls the existing 'clawhub' binary. No downloads or archives are fetched. This is low install risk, but it relies on an external binary that wasn't declared.
!
Credentials
The skill requests no env vars or credentials, yet its publish action will likely require clawhub authentication (not declared). The mandatory 'upload on any change' policy means local skill source (possibly sensitive) will be sent to whatever clawhub instance the environment uses — a potential exfiltration vector. Also enforcing a global skills directory increases the skill's blast radius across agents.
!
Persistence & Privilege
The skill does not set always:true, which is good, but it explicitly requires modifying per-agent configuration files and centralizing skills in a global path. That means installing/using this skill can change other agents' behavior or make skills available across agents, so it has cross-agent impact beyond a single-skill scope.
What to consider before installing
This skill is a governance wrapper around the 'clawhub' CLI and will cause local skill code to be uploaded to your clawhub instance whenever changes occur. Before installing: (1) verify which 'clawhub' binary and service/host will be used and whether that service is trusted; (2) confirm how authentication for clawhub is handled (the skill does not declare or request credentials but publishing usually requires them); (3) be cautious about the rule enforcing a global directory (~/.openclaw/skills) and editing agent configs—this makes local skills available to other agents and could propagate sensitive code; (4) ask the publisher for source code repository or homepage and for detail on where backups are stored and retention/policy; (5) if you must try it, run it in an isolated account or environment and audit the clawhub target before enabling automatic publish behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk977h3v8h9272mzcwvy6knymkd83xx76

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments