Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Claw Def

v1.0.0

Provides AI-driven security protection for OpenClaw with threat detection, risk alerts, real-time interception, file and permission management, and security...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The metadata and docs advertise a cloud threat library, WebSocket realtime push, a main runtime (src/main.py), and dependencies (requests, websockets), but the repository contents only include a small local file_protection.py and tests — there is no src/main.py, no cloud-client implementation, and no code that performs network calls. This is an overpromise: someone building the advertised cloud-backed product would legitimately need the missing runtime and network code and likely environment configuration, but those are absent.
! Instruction Scope
SKILL.md is minimal (install via 'clawhub install claw-def' and 'auto-enable') and does not describe runtime behavior or network endpoints. The tests insert a hard-coded sys.path to '/home/admin/.openclaw/workspace/claw-def/src', which indicates assumptions about host filesystem layout and could lead to accidental access to host paths when tests or code run. The one real runtime function (FileProtectionManager.check_file_operation) only checks/blocks paths and does not read or transmit files, but the packaging claims broader runtime interception and cloud queries that are not specified in instructions.
Install Mechanism
There is no install spec that downloads or extracts remote artifacts; the SKILL.md suggests 'clawhub install claw-def' and a manual git+pip option. No arbitrary URLs, installers, or packaged binaries are present in the provided files, which reduces install-time risk. However, the repository references a GitHub URL in skill.json that should be verified before using an install command that fetches remote code.
Credentials
The skill declares no required environment variables or credentials. That is proportionate for the actual code present, which performs only local path checks. Note: the advertised cloud features would typically require API credentials or endpoints — those are not declared, another inconsistency to clarify.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The package does not request permanent presence or modify other skills' configurations in the supplied files. Nothing in the code writes to global agent config or requests elevated privileges; still, absent the runtime main, it's unclear what an installed package would actually register with the agent.
What to consider before installing
This package is internally inconsistent rather than overtly malicious. Before installing: (1) ask the author for the missing runtime (src/main.py) and for the implementation of the advertised cloud threat library and WebSocket endpoints; (2) verify the repository URL and review any network code (requests/websockets) for endpoints and auth handling; (3) confirm whether the package will run code that touches your home directory (it expands '~' and checks absolute paths) and run it first in a sandboxed environment; (4) be cautious of the tests' hard-coded sys.path (/home/admin/.openclaw/…), which reveals assumptions about host paths, and ensure installation won't implicitly rely on or overwrite those locations; (5) if you need cloud features, require explicit declaration of required env vars/credentials and inspect how they are stored/transmitted. Given the missing main runtime and overpromises, do not install in production until the author provides the missing runtime code and a clear security/privacy design.

Like a lobster shell, security has layers — review code before you run it.
