Local Hub
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Local Hub is a clearly described localhost automation bridge, but it asks you to run an external, unreviewed service that can access your microphone, camera, clipboard, and local scripts.
Install this only if you trust and have reviewed the separate local_hub service. Keep it bound to localhost, tightly configure the script whitelist, require confirmation before camera/microphone/clipboard/script actions, and stop the service when you are done.
Static analysis
Static analysis findings are pending for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the referenced backend means trusting code outside this reviewed skill to access local devices, files, clipboard content, and script execution paths.
The reviewed skill does not include the server implementation, yet it instructs installation and execution of external code that will mediate sensitive local capabilities.
本 skill 仅包含「调用说明」,不包含服务端代码…直接下载 zip…pip install -r requirements.txt…再执行 ./run.sh
Review or pin the local_hub repository and dependencies before running it, verify release integrity, and prefer an install spec or bundled reviewed code for high-impact local capabilities.
An agent using this skill could read or overwrite clipboard text, take camera snapshots, check microphone input, or trigger local scripts if the backend is running.
The skill exposes sensitive local actions through generic HTTP calls and exec/curl, including clipboard mutation and script execution, without documenting confirmation requirements or concrete whitelist limits.
读/写剪贴板 | GET /clipboard、POST /clipboard…执行白名单脚本 | POST /run/script…用 exec 调用上述 curl 命令
Require explicit user confirmation for camera, microphone, clipboard, and script actions; define a narrow script whitelist with safe parameters; and log or display each high-impact action.
The service startup may run local code and keep a backend process available for later curl calls.
Starting the backend is expected for this local hub, but the instruction explicitly permits executing a local startup script from the agent environment.
服务必须先启动(用户或你在本机执行一次):cd ~/.openclaw/workspace/local_hub && source .venv-hub/bin/activate && ./run.sh
Only start the service after user approval, inspect run.sh first, and avoid letting the agent automatically start unreviewed local services.
Sensitive data may be handed to the local_hub service and any downstream local services it calls.
Prompts, images, clipboard text, and other local data are routed from the agent to a localhost HTTP backend; this is disclosed, but backend authentication, binding, and data retention are not specified.
基地址:http://127.0.0.1:9000…上传图片…GET /clipboard…POST /llm/chat
Keep the service bound to 127.0.0.1, avoid sending private clipboard or file contents unless necessary, and review the backend’s logging and storage behavior.
If left running, the backend may continue exposing local automation endpoints after the original task is finished.
The skill relies on a long-running local HTTP service. This is disclosed and purpose-aligned, but it is persistent infrastructure beyond a single command.
local_hub:workspace 内 local_hub/,Python + FastAPI,默认端口 9000
Stop the service when not needed and restrict access to the local machine only.