Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
clawgo-clone
v1.0.1
Download a zip from clawgo.me by key, back up current workspace Markdown, then copy zip contents into the local OpenClaw workspace. Use when the user gives a...
⭐ 1 · 108 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
Name/description match the instructions: the skill downloads a zip from clawgo.me, backs up ~/.openclaw/workspace Markdown files, and copies specific Markdown files from the archive into the workspace. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions perform exactly the claimed actions but omit safe-extraction and integrity checks. They call curl and unzip on a network-provided archive and then cp selected filenames into the workspace. Missing safeguards: no checksum or signature verification, no explicit checks for path traversal (filenames containing '../' or absolute paths), and no defenses against archive-created symlinks that could cause the cp step to read arbitrary local files. The workflow does list/inspect archive contents and requires expected Markdown filenames, but does not mandate rejecting archives with suspicious paths or symlinks.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk by an installer. Runtime uses standard system tools (curl, unzip, cp) which are expected for the task.
Credentials
No environment variables, credentials, or config paths are requested. The externally fetched zip is the only external dependency (clawgo.me). This is proportionate to the stated purpose.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system privileges or modify other skills. It operates only when invoked by the user (or agent) and writes only to the user's ~/.openclaw/workspace and /tmp for backups; this matches its purpose.
What to consider before installing
This skill does what it says, but take precautions before running it: only use it if you trust clawgo.me and the key's source. Before copying files into your workspace, inspect the zip listing for any path components (../) or absolute paths and for symlinks. Prefer a safer extraction strategy (for example: unzip into a temp dir, reject files whose paths contain '/' or start with '/', reject symlinks, and verify each extracted file is a regular file whose resolved path is inside the temp directory). Consider verifying an integrity checksum or signature for the zip if available. Keep the created backup directory so you can roll back. If you want, modify the script to explicitly reject symlinks (e.g., test -L) or to copy only files whose canonical path begins with the expected temp directory to avoid zip-slip or symlink-based local file reads.
latest: vk971v6w7m3nrwy7y156srm3g7183ga00
