Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

TIA HW AUDITOR

v1.0.0

Use TIA Openness to compare hardware and I/O configuration between field and master backups.

by Caisik @cjmore66
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (audit TIA .zap18 backups using TIA Openness) matches the instructions (locate backups, run an audit script, produce CSV/JSON). However the SKILL.md and README refer to external scripts and runtime requirements (PowerShell, TIA Portal Openness) that are not declared in the skill metadata, which is an inconsistency the user should address.
Instruction Scope
Instructions explicitly permit mounting/accessing network paths and tell the agent to 'Locate latest field and master .zap18 files from configured paths' but do not define where those paths are or how to authenticate. This gives the agent broad discretion to traverse file shares and run external scripts (e.g., tia_hw_audit.bat or a PowerShell script) that are not included — increasing the risk that the agent will read/transfer sensitive files or execute unreviewed code.
Install Mechanism
There is no install spec (instruction-only), which reduces installation risk. But the README references a missing PowerShell script (TIA-HW-Audit.ps1) and requires Siemens TIA Portal Openness; those external dependencies are not provided or declared, so the agent will rely on an environment-provided script/binary whose provenance is unknown.
Credentials
The skill requests no environment variables or explicit credentials, which is appropriate. However it implicitly requires read access to network NAS/vault paths and a licensed TIA Portal/PowerShell environment. Because credentials or mount points are unspecified, users may be tempted to grant broad filesystem or network share access to satisfy the skill — that would be disproportionate unless narrowly scoped.
Persistence & Privilege
The skill is not marked always:true and is user-invocable; it does not request persistent platform privileges or modify other skills. Autonomous invocation is allowed by default but is not combined with other high-risk privileges here.
What to consider before installing
This skill appears to be what it claims (an auditor for Siemens TIA backups) but has gaps that could lead to unsafe behavior. Before installing or enabling it, do the following:
(1) Obtain and review the actual audit script(s) (TIA-HW-Audit.ps1 / tia_hw_audit.bat) — they are not bundled; do not let the agent fetch/execute an unknown script automatically.
(2) Clarify and lock down the 'configured paths' the skill will read; avoid granting wide filesystem or network-share mounts.
(3) Ensure PowerShell and Siemens TIA Portal/Openness are present and licensed if needed, and declare these dependencies.
(4) Run the audit in a restricted environment or with a dedicated account that has only the necessary read access to the specific .zap18 backups.
(5) If you need a higher-assurance verdict, provide the actual script code and the exact configured-paths/auth model so the scripts and instructions can be reviewed for unexpected network calls or exfiltration.

Like a lobster shell, security has layers — review code before you run it.

latest: vk97fy6fyj756b4q91c5jx9rygd83rm9q
