ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Local Hub

v1.0.2

本地能力中心。通过 HTTP 调用本机麦克风、摄像头、Ollama、YOLO、Stable Diffusion、TTS/转写、通知、剪贴板、天气、白名单脚本等。当需要「验证是否有声音、拍一张照、用本地模型对话、文生图/图生图、朗读、系统通知、读剪贴板、看图描述、列模型、天气、跑脚本」时使用。需先确保 local_...

0· 288·0 current·0 all-time
by@damianleemoha
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description state a local capability hub and the SKILL.md only contains curl-based instructions to call a localhost API (audio, camera, LLM, SD, clipboard, notify, run-script, etc.). Required binary is only curl and no unrelated credentials, which is proportionate to the stated purpose.
!
Instruction Scope
The instructions explicitly direct the agent to call endpoints that access sensitive local resources (microphone, camera, clipboard, filesystem paths returned by API) and to request execution of whitelisted local scripts via POST /run/script. While expected for a local hub, this expands what an autonomous agent can do on the host (sensor capture, file reads/writes, launching model services). Confirm you trust and inspect the local_hub service implementation and its whitelist configuration before enabling.
Install Mechanism
The skill is instruction-only and does not install code itself. SKILL.md points to a GitHub repo/releases (a standard host) and documents manual steps (virtualenv, pip install, run.sh). No hidden download or extract steps in the skill itself.
Credentials
The skill declares no required env vars or credentials. It mentions optional local-service envs (e.g., SD_BASE_URL) and service-side configs (TRANSCRIBE_SCRIPT, RUN_SCRIPT_WHITELIST) but does not request host secrets. This is proportionate to an instruction-only connector.
Persistence & Privilege
always is false and the skill is user-invocable; autonomous invocation is allowed by default. Because the skill enables access to local sensors and script execution via the backend, consider the increased blast radius if you permit autonomous (unsupervised) use — review local_hub access controls and script whitelist.
Assessment
This skill is essentially a client for a local service that performs sensitive actions (camera, mic, clipboard, filesystem, run scripts, call local models). It is internally coherent with its description, but before installing or enabling it you should: (1) inspect and vet the local_hub repository and release you plan to run (do not run an untrusted run.sh), (2) ensure the RUN_SCRIPT_WHITELIST only contains safe scripts and understand what TRANSCRIBE_SCRIPT does, (3) consider running the service in a constrained environment (user with limited privileges, container), and (4) only enable autonomous invocation if you trust the agent and the local service — otherwise require manual confirmation for actions that access sensors or execute scripts.

Like a lobster shell, security has layers — review code before you run it.

latestvk9721n7tr6ph7r8se3wmzwcdf582axe1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binscurl

Comments