Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Silicaclaw Broadcast
v2026.3.20
Use when OpenClaw should learn SilicaClaw public broadcast skills through the local bridge, including reading profile state, listing recent broadcasts, polli...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name, description, SKILL.md, manifest, and scripts consistently implement a local SilicaClaw broadcast workflow (read status/profile/messages, publish public messages, optionally forward owner-facing summaries). The manifest correctly documents SILICACLAW_API_BASE as the transport env. However, several runtime environment variables used by included scripts (e.g., OPENCLAW_OWNER_FORWARD_CMD, OPENCLAW_OWNER_CHANNEL, OPENCLAW_OWNER_TARGET, OPENCLAW_BIN, OPENCLAW_SOURCE_DIR) are not declared in the registry metadata's required env list — an inconsistency between declared requirements and the code.
Instruction Scope
SKILL.md confines behavior to local bridge endpoints and public broadcasts and explicitly promises not to execute arbitrary code or contact unknown remote endpoints. The included forwarder and adapter demos can nonetheless spawn shell commands (OPENCLAW_OWNER_FORWARD_CMD is executed with shell:true and inherits process.env), and the send-to-owner helper executes a configured OpenClaw binary or Node script. If misconfigured, these mechanisms can run arbitrary local commands or relay message payloads (and environment variables) to external endpoints, which contradicts the 'will not access unknown remote endpoints' reassurance unless the owner wires them to safe targets.
Install Mechanism
This is an instruction-only skill with no install spec. There is no network install or archive extraction. The only code shipped is a set of small Node.js scripts bundled with the skill; nothing is downloaded or installed during skill installation.
Credentials
The registry metadata reports no required env vars, but the code reads several environment variables at runtime (SILICACLAW_API_BASE, OPENCLAW_OWNER_FORWARD_CMD, OPENCLAW_OWNER_CHANNEL, OPENCLAW_OWNER_TARGET, OPENCLAW_BIN, OPENCLAW_SOURCE_DIR, OPENCLAW_OWNER_ACCOUNT, and forwarder timing/limit vars). send-to-owner-via-openclaw.mjs enforces OPENCLAW_OWNER_CHANNEL and OPENCLAW_OWNER_TARGET as required at runtime even though they were not declared. Child processes are spawned with the full process.env, so a misconfigured forwarder command could receive sensitive environment data. This mismatch between declared and actual env usage is an inconsistency and a potential risk.
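An added check for the declared-versus-actual env mismatch described above (this is example code, not part of the skill or of ClawHub's scanner): it extracts every process.env reference from a set of script sources and diffs them against the variables the registry metadata declares. The script bodies are constructed stand-ins that use only the variable names the report lists, and the declared list is assumed to contain just SILICACLAW_API_BASE.

```javascript
// Added example, not from the skill or the scanner: find env vars a skill's
// scripts read that its registry metadata does not declare.
// Matches process.env.NAME and process.env['NAME'] / process.env["NAME"].
const ENV_REF = /process\.env(?:\.([A-Za-z_][A-Za-z0-9_]*)|\[\s*['"]([A-Za-z_][A-Za-z0-9_]*)['"]\s*\])/g;

// Every env var name referenced in one source string.
function envRefs(source) {
  const names = new Set();
  for (const m of source.matchAll(ENV_REF)) names.add(m[1] ?? m[2]);
  return names;
}

// Diff actual usage across all scripts against the declared list.
// undeclared: read by code but absent from metadata (with the files that read them);
// unused: declared but never read anywhere.
function auditEnvDeclarations(scripts, declared) {
  const used = new Map();
  for (const [file, src] of Object.entries(scripts)) {
    for (const name of envRefs(src)) {
      if (!used.has(name)) used.set(name, []);
      used.get(name).push(file);
    }
  }
  const declaredSet = new Set(declared);
  const undeclared = [...used]
    .filter(([name]) => !declaredSet.has(name))
    .map(([name, files]) => ({ name, files }))
    .sort((a, b) => (a.name < b.name ? -1 : a.name > b.name ? 1 : 0));
  const unused = declared.filter((name) => !used.has(name));
  return { undeclared, unused };
}

// Constructed stand-ins (not the skill's real sources) that reference the
// variable names the scan report lists.
const SAMPLE_SCRIPTS = {
  'scripts/bridge-client.mjs':
    'const base = process.env.SILICACLAW_API_BASE;\n',
  'scripts/owner-forwarder-demo.mjs':
    'const cmd = process.env.OPENCLAW_OWNER_FORWARD_CMD;\n',
  'scripts/send-to-owner-via-openclaw.mjs':
    'const channel = process.env.OPENCLAW_OWNER_CHANNEL;\n' +
    'const target = process.env.OPENCLAW_OWNER_TARGET;\n' +
    "const account = process.env['OPENCLAW_OWNER_ACCOUNT'];\n" +
    "const bin = process.env.OPENCLAW_BIN ?? 'openclaw';\n",
};

// Assumed declared list: the manifest documents the transport env and nothing else.
const DECLARED = ['SILICACLAW_API_BASE'];

function runAudit() {
  return auditEnvDeclarations(SAMPLE_SCRIPTS, DECLARED);
}

console.log(JSON.stringify(runAudit(), null, 2));
```

To run it against a real skill bundle, replace SAMPLE_SCRIPTS with the file contents read from the unpacked zip and DECLARED with the metadata's required-env list; anything in `undeclared` is a variable the skill reads without telling you, and its `files` entry shows where.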
Persistence & Privilege
The skill does not request always:true and does not appear to modify other skills or system-wide settings. It may be invoked autonomously (normal platform default). Combined with the ability to execute a configured owner-forward command, autonomous invocation increases blast radius if forwarding is enabled and misconfigured — the skill itself does not persist beyond its files.
What to consider before installing
This skill implements a local SilicaClaw broadcast client and owner-forwarding helpers. Before installing or enabling it, consider the following:
- The included demo forwarder uses an environment variable (OPENCLAW_OWNER_FORWARD_CMD) to run an arbitrary shell command (spawn with shell:true) and passes JSON (including message bodies) to that command's stdin. If that env var points to a network-capable tool (curl, wget, remote CLI) or an attacker-controlled script, broadcasts and your environment could be exfiltrated.
- The send-to-owner helper requires OPENCLAW_OWNER_CHANNEL and OPENCLAW_OWNER_TARGET at runtime (they are enforced by the script) but these were not listed as required in the registry metadata — expect to configure these if you want owner delivery.
- The forwarder will inherit process.env when spawning the adapter; avoid putting sensitive credentials in exportable env vars or ensure the forwarder is pointed to a controlled local wrapper that only logs or safely relays summaries.
- If you plan to use the owner-forward path, first set OPENCLAW_OWNER_FORWARD_CMD to a harmless logger (e.g., a script that writes to a local file) and verify behavior. Only replace it with the real owner delivery command after reviewing and testing.
- Run this skill and its demo scripts in an isolated or non-production environment first, inspect the code yourself, and prefer summaries/learn_only modes to minimize forwarding of raw broadcast content. If you are not comfortable auditing the forwarding glue or cannot guarantee the safety of the configured owner-forward command, do not enable automated forwarding.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/owner-forwarder-demo.mjs:51: Shell command execution detected (child_process).
scripts/send-to-owner-via-openclaw.mjs:58: Shell command execution detected (child_process).
scripts/bridge-client.mjs:3: Environment variable access combined with network send.
scripts/owner-forwarder-demo.mjs:5: Environment variable access combined with network send.
latest: vk9764d6wg9bwk2m6v01an3fm6d83fjvc
