ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CrewHaus Tools

v1.1.0

Free developer and text tools via CrewHaus API. Use when the user needs to format JSON, encode/decode Base64, generate UUIDs, hash text, convert text case, e...

0· 57·0 current·0 all-time
by@crewhaus
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description match the behavior: SKILL.md and the helper script call https://crewhaus.ai/api/tools for text/dev utilities. Minor mismatch: the included script uses curl and python3 but the registry metadata declares no required binaries.
Instruction Scope
Runtime instructions are limited to HTTP calls to crewhaus.ai and using the provided helper script; they do not request arbitrary file reads, extra env vars, or other system data.
Install Mechanism
No install spec is provided (instruction-only). A small helper shell script is included but nothing is downloaded or extracted during install.
Credentials
The skill requests no environment variables or credentials. It does require network access to crewhaus.ai (expected for an API-backed tool).
Persistence & Privilege
always is false and the skill does not request persistent system presence or modify other skills/configurations.
Assessment
This skill is a simple wrapper around a public API and appears to do what it claims. Before using it, be aware that any input you send (including JWTs, passwords, secrets, or other sensitive strings) will be transmitted to crewhaus.ai. If you plan to process sensitive data, prefer local tools or verify the service's privacy/terms and TLS certificate. Also note the helper script calls curl and python3 — ensure those are available and review the script if you want to confirm behavior. If you need stronger assurance, check the crewhaus.ai domain, review the OpenAPI spec at the provided URL, and test with non-sensitive sample data first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cw0e2qbn8vewhmy7xnjjznd83tszp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments