Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Release Package

v3.0.0

Browse and search workspace files with syntax-highlighted code and AI-generated explanations saved persistently in SQLite.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code (app.py + front-end) matches the declared purpose (file browser + AI explanations + SQLite persistence). However the skill metadata/registry claims 'no required env vars' while the code expects a DEEPSEEK_API_KEY/DEEPSEEK_API_URL (in config.py) to call an external AI service — that credential is not declared in requires.env. Also the package was presented as 'instruction-only' but contains many code files, a start script and a requirements file, which is inconsistent.
Instruction Scope
SKILL.md instructs users to run start.sh and points to localhost, but config.py hard-codes WORKSPACE_ROOT = '/root/.openclaw/workspace' (not 'current workspace' as the docs state). start.sh prints an external IP (175.178.154.173) which is inconsistent with the 'localhost' guidance. The server binds to HOST='0.0.0.0' and the app sets CORS '*' — this combination can expose workspace files if the host/network is reachable. The runtime instructions do not mention configuring the required API key or restricting network exposure.
Install Mechanism
There is no formal install spec in the registry, but the bundle includes code files, a requirements.txt and a start.sh that launches the app. The start script runs pkill and starts app.py in the background; it does not download external code. Lack of an install spec despite included code is an inconsistency that increases the chance of unexpected local actions during install/run.
Credentials
The code uses DEEPSEEK_API_KEY and DEEPSEEK_API_URL to call an external AI service, but the skill metadata does not declare any required environment variables. The configured WORKSPACE_ROOT points at /root/.openclaw/workspace which could allow access to any files under that path; ALLOWED_PATHS is also hard-coded to that path. These configuration choices and the missing declaration for the remote API key are disproportionate to the documented installation instructions and increase risk of accidental data exposure or exfiltration.
Persistence & Privilege
The skill persists explanations in a local SQLite database (explanations.db) in the project directory — that is consistent with the described functionality. It does not request 'always: true' or system-wide privileges. However, binding to 0.0.0.0 and enabling CORS '*' increases runtime exposure risk, so run-time network exposure should be limited.
What to consider before installing
This package implements the described file-browser + AI-explanation functionality, but several mismatches and exposure risks mean you should review and harden it before running:

- Do not run it as-is on a production or host-visible network. By default it binds to 0.0.0.0 and sets CORS: '*', which can expose your workspace if the host is reachable. Change HOST to 127.0.0.1 and remove the wildcard CORS if you only need local access.
- The code expects DEEPSEEK_API_KEY / DEEPSEEK_API_URL (see config.py) but the skill metadata does not declare this. If you provide an API key, be aware the app will make outbound requests to that API. Only configure a key you trust and prefer to use a dedicated service account with limited scope.
- Update WORKSPACE_ROOT to the actual intended directory (or make it configurable via environment variable) — the current hard-coded path (/root/.openclaw/workspace) may expose unexpected files. Verify ALLOWED_PATHS and ensure path validation works for your environment.
- Inspect app.py fully (the provided file was partially truncated in the bundle) to confirm there are no additional hidden network calls, backdoors, or exfiltration to unexpected endpoints.
- The start.sh contains a public IP in an echo message and kills processes via pkill; remove or adjust these lines if they are not appropriate. Run the service in an isolated container or VM first so accidental exposure is limited.
- Ensure the SQLite database (explanations.db) is stored where you expect and that its permissions are appropriate.

If you need to trust this skill: ask the author to (a) declare required environment variables in the registry (DEEPSEEK_API_KEY/DEEPSEEK_API_URL), (b) make WORKSPACE_ROOT configurable via env var, (c) change default HOST to localhost and remove wildcard CORS, and (d) remove or explain the public IP message in start.sh. Until those are addressed, treat the package as suspicious and run only in an isolated environment.

Like a lobster shell, security has layers — review code before you run it.
