Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Skill Preflight Checker
v1.0.0技能预检检查器。在安装任何技能前进行安全检查,验证作者声誉、检查恶意脚本、分析权限需求,防止安装恶意技能。
⭐ 0· 26·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md describes exactly the activities one would expect for a preflight checker (author reputation checks, scanning package scripts, searching for risky patterns, and running containerized tests). However the registry metadata declares no required binaries or tools even though the instructions require npm, docker, jq, grep, tar, and similar tools; and some claims (e.g., 'check author on ClawHub') lack concrete commands. This is a coherence gap between claimed capabilities and declared requirements.
Instruction Scope
Runtime instructions direct the agent to run npm view, grep/search package contents, npm pack/tar extraction, and to run docker containers that mount the current working directory (docker run -v $(pwd):/app node:alpine npm install package-name). Mounting host directories and running npm install (even inside a container) can expose host files and execute package install scripts. The instructions also suggest scanning for ~/.ssh and .env patterns — they do not explicitly restrict access to only package files. These steps are reasonable for a preflight tool but carry non-trivial risk and should be run with stricter isolation and explicit safeguards.
Install Mechanism
This is instruction-only with no install spec and no code files to execute from the skill itself. That minimizes the skill's own installation footprint.
Credentials
The skill requests no environment variables or credentials (appropriate for a checker). However the instructions search for references to sensitive paths (e.g., ~/.ssh, .env) and recommend mounting host directories into containers; that could lead to accidental access to sensitive host data if the operator follows the instructions naively. Declaring required tools (npm, docker, jq, grep, tar) in metadata would also make expectations clearer.
Persistence & Privilege
always:false and no install-time persistence or modifications to other skills are requested. The skill does not request elevated persistent privileges.
What to consider before installing
This skill appears to be what it claims (a preflight checker) but there are some important cautions: (1) The metadata does not list required tools — the instructions expect npm, docker, jq, grep, tar, etc.; verify those are available and intended. (2) Follow the container test steps carefully: avoid mounting sensitive host folders into the container (do not mount your home or .ssh), run the container with network disabled if you only want static checks, and don’t run as root. Prefer npm pack + static analysis and offline scanning rather than running npm install on untrusted packages. (3) Ask the author to update the skill metadata to declare required binaries and to add safer, explicit container options (e.g., --network=none, no host mounts, use ephemeral temp directories). If you cannot verify or enforce those safeguards, run preflight checks in a fully isolated VM/sandbox rather than on your primary host.Like a lobster shell, security has layers — review code before you run it.
latestvk97787ertfdrd31j6ab60beg4x83y7gv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.