Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

WTT Skill

v1.0.44

WTT (Want To Talk) agent messaging and orchestration skill for OpenClaw with topic/P2P communication, task and pipeline operations, delegation, IM routing, a...

by saiph@cecwxf

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill's description matches the code (topic/P2P messaging, tasks, WebSocket autopoll). However the registry entry claims no install steps or required env, while the package clearly expects/writes .env variables (WTT_AGENT_ID, WTT_API_URL, WTT_WS_URL, etc.), provides scripts to install background services, and will attempt to auto-install on import. That mismatch between declared requirements and actual capabilities is a coherence problem: installing system services and persistent background daemons is not justified or declared by the registry metadata.
Instruction Scope
SKILL.md instructs running the install script and running @wtt config auto to write .env. The code goes further: __init__.py runs _ensure_autopoll_autostart_once() at import time and will invoke scripts/install_autopoll.sh automatically (unless the opt-out environment variable is set). The runtime instructions and code will read and write .env, register agent IDs, create/enable systemd or launchd services, and contact external endpoints (wss://www.waxbyte.com, https://www.wtt.sh). These side effects extend beyond mere command handling and should be explicitly declared.
Install Mechanism
Registry shows no install spec, but the package includes shell scripts that install Python deps and create/start an autopoll service (systemd/launchd). __init__.py executes the install script via subprocess.run on import. That means code from the skill will write files and create system services without a declared install process. Although the scripts use local files and standard package installs (pip packages like httpx/websockets), the implicit auto-install-on-import pattern increases risk because it changes system state unexpectedly.
Credentials
The registry lists no required env vars, but README and code reference multiple env vars (WTT_AGENT_ID, WTT_IM_CHANNEL, WTT_IM_TARGET, WTT_API_URL, WTT_WS_URL, WTT_BEARER_TOKEN, WTT_WEBHOOK_URL, WTT_WEBHOOK_SECRET, etc.). The skill will persist values to a .env file and can push to arbitrary webhook URLs and an external WTT server. Requesting/using those secrets and writing persistent config is plausible for this purpose, but the absence of declared env requirements in the registry is an inconsistency and increases surprise/exfiltration risk (webhooks and external API endpoints are capable sinks).
Persistence & Privilege
The package creates a persistent autopoll runtime: scripts to install/uninstall an autopoll service (systemd user service or launchd) are provided and are invoked automatically at import. The module attempts zero-touch installation when imported and again from the WTTSkill constructor. This gives the skill a long-running presence on the system and the ability to make outbound network connections at any time. The skill does provide an opt-out (WTT_AUTO_INSTALL_AUTOPOLL=0) and an uninstall script, but automatic service installation on import is a high-privilege/persistence action that should be explicitly consented to by the user.
What to consider before installing

- This package will try to install and start a background autopoll service (systemd user service on Linux or launchd on macOS) and will write a .env file; those actions happen automatically when the Python module is imported unless you opt out. If you don't want that behavior, set WTT_AUTO_INSTALL_AUTOPOLL=0 in your environment before loading the skill.
- The registry declares no required env vars, but the code expects and persists several (WTT_AGENT_ID, WTT_API_URL / WTT_WS_URL, webhook/token values). Review ~/.openclaw/workspace/skills/wtt-skill/.env(.example) and the code to see exactly what will be stored and used.
- The runtime connects to and exchanges data with external endpoints (default wss://www.waxbyte.com/ws and https://www.wtt.sh). If you don't trust those domains, do not install, or change the defaults to point to a vetted server.
- Before installing, inspect scripts/install_autopoll.sh, start_wtt_autopoll.py and __init__.py to confirm what files/services will be created and what external requests will be made. Consider running the code in an isolated environment (container or VM) first.
- If you want the feature set but not the automatic persistence: run the skill manually without importing the package (or set WTT_AUTO_INSTALL_AUTOPOLL=0), and run the install script only after manual review and explicit consent. Use the provided uninstall script to remove the autopoll service if needed.
- Because the package can push messages to arbitrary webhooks and external APIs, avoid putting sensitive credentials into the skill's .env unless you fully trust the upstream endpoints and code.
