Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Node Connect

v1.0.2

Diagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps. Use when manual connect fails, local Wi-Fi works but VPS/t...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The skill is clearly focused on OpenClaw connection and pairing troubleshooting and the steps and commands align with that purpose. However, the metadata declares no required binaries while the instructions call out the 'openclaw' CLI and, in some flows, the 'tailscale' CLI — these should be declared as required binaries to be internally consistent.
Instruction Scope
The SKILL.md stays on-task: it asks topology questions, reads a limited set of configuration keys, runs targeted CLI checks, and only performs pairing/approval actions after confirming the route. It explicitly warns against speculative commands and unnecessary dumps of config. The only noteworthy point is that it contains commands that change state (e.g., openclaw devices approve <requestId>), so the operator must consent.
Install Mechanism
There is no install spec (instruction-only skill), so nothing is downloaded or written to disk by the skill itself. This minimizes code-install risk.
Credentials
The skill requests no environment variables or credentials. It does assume access to local CLIs and to the OpenClaw host environment, which is appropriate for on-host troubleshooting.
Persistence & Privilege
The skill is not force-installed (always: false) and does not request to modify other skills or system-wide settings. It does include commands that grant pairing/approval; those are normal for the troubleshooting task but are privileged actions that require user confirmation.
Assessment
This SKILL.md appears to do what it says: targeted diagnostic commands for OpenClaw pairing and connectivity. Before using it, ensure the host actually has the 'openclaw' CLI (and 'tailscale' if you use Tailscale) installed, since the skill’s metadata doesn’t declare required binaries. Be prepared that the instructions may prompt you to run state-changing commands (for example, approving device pair requests). Only approve pairing requests you recognize. If you want stricter guarantees, ask the maintainer to update the skill metadata to list required binaries and to explicitly document any potentially destructive or state-changing commands.


latestvk97241s6nypjbsk8r34ajfx8e184tatz
