ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agentic-Liquid-Neural-Network-Wireless-Manager

v1.0.1

UHCI Network Intelligence — AI-powered wireless network manager with SAC-LTC. Diagnoses, optimizes, and manages Wi-Fi and 3G/4G/5G hotspot switching. Provide...

0· 67·0 current·0 all-time
byDaniel Foo Jun Wei@danielfoojunwei
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (wireless network manager using SAC-LTC) match the included Python code, data, and documentation. The files provide scanning/parsing of OS network commands, physics-based training code, and an agent CLI. Optional admin actions (DNS switching, DHCP renewal, adapter restart, network switching) are plausible for an optimizer but should be explicitly consented to; they are not required by the basic diagnostics/monitoring functionality.
!
Instruction Scope
SKILL.md instructs running many OS-level commands (system_profiler, nmcli, netsh, ping, dig, curl), reading adapter state, writing to ~/.net-intel, and running Python scripts. It also documents continuous background 'monitor' and 'sentinel' modes and presence-detection (human movement) — these expand scope beyond simple diagnostics into persistent sensing and potential privacy-invasive behavior. The Manus example and README suggest adding tool descriptions into agent system prompts (integration guidance), which can be used to escalate privileges or persistence if misapplied.
Install Mechanism
No remote download/install spec is present; repository-style code files are included and intended to be run locally. That lowers supply-chain risk vs fetching arbitrary binaries, but executing included Python (and installing torch via pip) still runs new code on the host. No obscure or shortened URLs or external installers were found in the supplied files.
Credentials
The skill declares no required environment variables or external credentials. However it asks the user to grant hardware and OS permissions (Wi‑Fi adapter read access, location access prompts, terminal/Python execution) and optionally admin/sudo for system changes. Those optional elevated capabilities are coherent with claimed auto-optimization features but are powerful — they should be limited to explicit user-approved actions.
Persistence & Privilege
The skill is not force-included (always:false) and follows the platform default for autonomous invocation. It does promote background/sentinel modes (persistent monitoring) and autonomous network actions; that persistent monitoring combined with optional admin actions increases the blast radius if misconfigured or malicious. The skill does not appear to modify other skills or platform-wide configs, but its integration examples instruct adding tool descriptions to agent/system prompts — a practice that should be applied cautiously.
Scan Findings in Context
[system-prompt-override] unexpected: The SKILL.md and README include examples telling integrators to add the tool description into agent system prompts (Manus example and agent prompt snippets). While integration guidance is expected, the 'system-prompt-override' pattern is flagged because instructions that suggest altering system prompts can be used to elevate a tool's influence over the host agent. Treat these instructions with care and avoid blindly applying them.
What to consider before installing
This package appears to implement the wireless diagnostics and SAC-LTC agent it claims, but it also requests persistent monitoring and optional admin-level actions (switching networks, restarting adapters, changing DNS). Before installing: 1) Review sac_ltc_agent.py and any scripts to confirm exactly which system commands and network endpoints are called (look for curl/requests/subprocess usage). 2) Do not grant sudo/UAC to automated actions unless you trust the code and have a recovery plan (manual confirmation is safer). 3) Be mindful of privacy: presence-detection can sense people; disable sentinel/background modes if you don't want continuous sensing. 4) Install and run in a controlled environment (VM or non-critical machine) first; run the provided --test and inspect ~/.net-intel contents. 5) Avoid blindly inserting skill/tool text into agent/system prompts — instead integrate via explicit, minimal tool bindings and require user confirmation for privileged operations. If you are not comfortable auditing the code, do not run it with admin privileges or background/sentinel modes enabled.
train_sac_ltc.py:639
Dynamic code execution detected.
!
README.md:245
Prompt-injection style instruction pattern detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk975p2p34w8wgpt6m0e5d9gb3h84c9p1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments