Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ClawShorts

v1.3.2

Block YouTube Shorts on Fire TV. Use when asked to check, manage, or configure YouTube Shorts limiting on Buck's Fire TV devices. Triggers on requests like "...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description align with the code and required binaries: the skill uses adb + python3 to monitor Fire TV UI and force-stop YouTube when a per-device daily limit is reached. No unrelated cloud credentials or external services are requested.
Instruction Scope
SKILL.md and README claim the tool “only accepts private IP addresses”, but the Python validator (src/clawshorts/validators.py) was audited as only validating octets (0–255) and not enforcing private ranges. Bash helpers include a private-range check, but the authoritative Python path may accept public IPs. The daemon and scripts create files under ~/.clawshorts, install user LaunchAgent/systemd units, run adb commands, and can force-stop apps via ADB—these are expected for the stated purpose, but the mismatch around IP validation and the lack of a user-visible warning/grace period before force-stopping YouTube are problematic.
Install Mechanism
No remote downloads or URL installs; the package is instruction + included code files only. Installation writes files to the user home directory (~/.clawshorts) and can create a symlink in /opt/homebrew/bin and a user LaunchAgent/systemd service. No untrusted network fetches are performed by the daemon according to the audit.
Credentials
The skill requests no environment variables or external credentials (good). It requires adb and python3 and reads/writes only user-owned paths. It does create symlinks under /opt/homebrew/bin (may require privilege/sudo) and manipulates user-level services (launchctl/systemctl) — these are proportional to running a persistent local daemon but worth noting.
Persistence & Privilege
The skill persists as a user-level LaunchAgent/systemd service and includes a health-check sidecar that can kill/restart daemon processes (uses pgrep/pkill/launchctl). 'always' is false; the skill is user-invocable and can be installed to start at login. The control over process lifecycle is broad but confined to the user's account and processes matching 'clawshorts'; however pkill/pgrep usage is somewhat imprecise and could match unintended processes in rare cases.
Scan Findings in Context
[no_private_ip_validation] unexpected: SECURITY_AUDIT.md: src/clawshorts/validators.py validates IPv4 octets but does not enforce private-range checks. SKILL.md explicitly states only private IPs are accepted, so this is an incoherence that could allow attempts to connect to public IPs if the Python path is used.
[adb_no_auth_documented] expected: The audit documents that ADB itself has no authentication; this is inherent to the ADB protocol and expected for a tool that uses adb to control Fire TV. The SKILL.md includes prominent warning text about enabling ADB only on trusted networks.
[force_stop_no_confirmation] expected: The daemon force-stops the YouTube package with 'am force-stop' when limits are reached. That behavior is core to the stated purpose, but the audit flags the lack of a user-visible warning/grace period prior to termination—this is an operational/UX security concern rather than evidence of maliciousness.
[broad_pgrep_usage] expected: Scripts use 'pgrep -f' and 'pkill -f' to find/kill daemon processes; this is expected for process management but can match broader command lines. The audit recommends a PID-file approach for precision.
[sigkill_after_2s] expected: The stop script sends SIGTERM then unconditionally SIGKILL after 2s. This is typical for quick stop scripts but the audit notes better checking would be cleaner.
[ui_xml_no_cleanup] expected: The daemon pulls UI XML dumps to ~/.clawshorts/ui-*.xml and does not clean them up. The audit marks this low-severity (disk accumulation) issue; it's expected given the design.
[daemon_no_resource_limits] expected: LaunchAgent plist does not set resource limits; audit flags potential DOS if daemon misbehaves. This is a configuration hardening issue rather than malicious behavior.
[no_remote_fetch] expected: Audit found no external network fetches (no curl/wget) in the daemon — this is a positive signal and consistent with an offline local-control tool.
What to consider before installing
This skill appears to implement what it claims (blocking YouTube Shorts on Fire TV via ADB) and does not contact external servers or request secrets, but there are important caveats:

- ADB is unauthenticated: only enable ADB debugging on a trusted, password-protected home network. Anyone on the same LAN could control a device with ADB enabled.
- IP validation mismatch: SKILL.md promises the tool will accept only private IPs, but the Python validator was audited as not enforcing private-range checks. Before installing, either (a) confirm you will only add private IPs manually, or (b) patch/verify src/clawshorts/validators.py to use ipaddress.ip_address(...).is_private/is_loopback as recommended in SECURITY_AUDIT.md.
- Abrupt app termination: the daemon force-stops YouTube without an on-screen warning. If you want gentler behavior, implement a configurable grace/warning period or notification before calling 'am force-stop'.
- Installation creates user-level autostart entries and may add a symlink under /opt/homebrew/bin (may require elevated privileges). Review the LaunchAgent/systemd unit before enabling and consider adding resource limits to the plist/service.

If you decide to proceed: run the code in a test environment first, review/patch the validator to enforce private IPs, enable debug logging to observe behavior, and keep ADB disabled when not actively using the tool.
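The validator mismatch above, shown as an added example (this is not the ClawShorts project's own validators.py): an octet-only check of the kind the audit describes next to a hardened check built on the standard ipaddress module, plus a helper that audits a constructed device list. Function names and the sample addresses are assumptions.

```python
import ipaddress
from typing import Iterable


def is_valid_octets_only(addr: str) -> bool:
    """Weak check of the kind the audit describes: four fields, each 0-255.
    It never looks at which range the address is in, so 8.8.8.8 passes."""
    parts = addr.strip().split(".")
    if len(parts) != 4:
        return False
    try:
        return all(0 <= int(p) <= 255 for p in parts)
    except ValueError:
        return False


def is_allowed_fire_tv_address(addr: str) -> bool:
    """Hardened check: syntactically valid IPv4 AND private or loopback,
    as SECURITY_AUDIT.md recommends. Multicast, the unspecified address
    (0.0.0.0) and reserved space are rejected explicitly because some of
    them are reported as 'private' by ipaddress."""
    try:
        ip = ipaddress.IPv4Address(addr.strip())
    except ValueError:  # AddressValueError subclasses ValueError; IPv6 lands here too
        return False
    if ip.is_multicast or ip.is_unspecified or ip.is_reserved:
        return False
    return ip.is_private or ip.is_loopback


def partition_devices(addrs: Iterable[str]) -> tuple[list[str], list[str]]:
    """Split a configured device list into (allowed, rejected), so an
    existing config can be audited before the daemon is started."""
    allowed, rejected = [], []
    for a in addrs:
        (allowed if is_allowed_fire_tv_address(a) else rejected).append(a)
    return allowed, rejected


# Constructed sample entries for a device list; not real devices.
SAMPLE_DEVICES = ["192.168.1.42", "10.0.0.7", "127.0.0.1",
                  "8.8.8.8", "224.0.0.1", "0.0.0.0", "300.1.1.1", "fe80::1"]

if __name__ == "__main__":
    ok, bad = partition_devices(SAMPLE_DEVICES)
    print("octet-only check accepts:",
          [a for a in SAMPLE_DEVICES if is_valid_octets_only(a)])
    print("allowed:", ok)
    print("rejected:", bad)
```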




Runtime requirements

Bins: adb, python3
