Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Diagnostics

v1.0.0

Diagnoses and troubleshoots OpenClaw config, channel, group message, cron job, and authentication issues using logs and built-in knowledge base.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description match what the scripts do (gather local OpenClaw config, status, and logs and consult a bundled docs snapshot). However the package does not declare that it expects the OpenClaw CLI or that it will read $HOME/.openclaw/openclaw.json, which is inconsistent with its actual behavior.
! Instruction Scope
Runtime instructions and included scripts explicitly read the user's OpenClaw config and logs (reading $HOME/.openclaw/openclaw.json and calling `openclaw logs`/`openclaw status`). That is appropriate for diagnostics, but SKILL.md gives the skill broad discretion to load and print those files; this can expose secrets. The SKILL.md also instructs running update-knowledge-base (network fetch), which will contact docs.openclaw.ai to download many pages.
Install Mechanism
No install spec (instruction-only with shipped scripts and assets). The update script fetches docs from a single official-looking domain (docs.openclaw.ai). No ad-hoc binary downloads or extract-from-unknown-URLs were found.
! Credentials
The skill requests no env vars in metadata but its scripts access the user's home config and may print auth-related fields from openclaw.json or from `openclaw logs` output. This access is plausible for a diagnostics tool but the lack of declared config paths or a required-binary entry is a mismatch and increases risk of accidental secret exposure.
Persistence & Privilege
`always` is false and the skill writes only to its own assets directory when updating the knowledge base. It does not appear to modify other skills or global agent settings.
Scan Findings in Context
[system-prompt-override] unexpected: Pre-scan flagged a system-prompt-override pattern in SKILL.md. The visible SKILL.md content does not contain an obvious system-prompt override block, so this may be a false positive or hidden/obfuscated content; recommend manual inspection for any injected instructions that attempt to change agent prompts or behavior.
[base64-block] unexpected: Scanner found a base64-block pattern. The included files do not obviously contain long base64 strings in the visible excerpts, so this could be a false positive or indicate embedded/obfuscated payloads in files (check assets and scripts for encoded data before running).
[unicode-control-chars] unexpected: Scanner detected unicode-control-chars patterns that can hide or alter displayed text. The SKILL.md and references should be examined for non-printing characters that might hide instructions or malicious strings.
What to consider before installing
This skill appears to be a legitimate OpenClaw diagnostics tool, but it will read and print files from $HOME/.openclaw (including openclaw.json) and may call your local openclaw CLI; those files can contain tokens or secrets. Before installing or running:
1) Inspect ~/.openclaw/openclaw.json for sensitive fields and consider redacting secrets or running the scripts in a sandbox;
2) Review scripts/get-diagnostic-info.sh and scripts/check-common-issues.sh (already included) and the entire update-knowledge-base.ts for any unexpected endpoints or embedded data;
3) Because the SKILL.md/meta do not declare the config path or required binary, assume it will access local OpenClaw credentials and logs — if you cannot risk disclosure, do not enable autonomous invocation and run the scripts manually instead;
4) The pre-scan flags (prompt-override, base64, unicode control chars) may be false positives but warrant a manual check of SKILL.md and assets for obfuscated content.
If the publisher/source is unknown or untrusted, prefer to run diagnostics locally rather than grant the skill ongoing or autonomous privileges.

Like a lobster shell, security has layers — review code before you run it.
