Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

clawsec-nanoclaw

v0.0.3

Use when checking for security vulnerabilities in NanoClaw skills, before installing new skills, or when asked about security advisories affecting the bot

0· 495·4 current·4 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description (ClawSec for NanoClaw) match what the files implement: advisory feed fetching, signature verification, MCP tools, and file integrity monitoring. Required artifacts (host-side services, cache files, policy.json, MCP tool registration) are expected for this purpose.
Instruction Scope
SKILL.md instructs editing host startup/ipc/agent-runner files and creating a host advisory cache service. It explicitly reads/writes host paths (/workspace/project/data, /tmp, etc.), exposes tools to agents (MCP tools) and schedules periodic tasks; this scope is appropriate for the stated function but gives the skill host-level filesystem access and the ability to auto-restore critical files.
Install Mechanism
No install script that downloads arbitrary archives; installation is manual copying of the skill directory and editing host source to import modules. The runtime fetch is only to a single HTTPS feed URL (https://clawsec.prompt.security) and the code verifies signatures with a pinned public key.
Credentials
The skill declares no environment variables or external credentials, which is consistent, but it does require write/read access to host directories and modification of host code and startup—privileges that are proportionate for a host-side security service but should be granted only to administrators. No undeclared secrets or unrelated credentials are requested.
Persistence & Privilege
always:false (normal). However, installation requires modifying host startup to run an advisory cache manager and register MCP tools so the skill will have ongoing presence and the ability to be invoked by agents. Features like auto-restore of critical files and the 'clawsec_approve_change' tool are powerful and can be abused by malicious agents or misconfigured scheduled tasks; the docs call this out but administrators should tightly control who/what can invoke these tools.
Assessment
This skill appears to do what it says: a host-side advisory cache, signature verification, agent-facing MCP tools, and file integrity monitoring for NanoClaw. Before installing: (1) only install on a host you control and test in staging; the INSTALL.md requires editing host startup and IPC code and granting filesystem access; (2) review and verify the pinned public key in host-services/advisory-cache.ts (ensure it matches an authoritative ClawSec key) and confirm the feed URL's trustworthiness; (3) audit and restrict which agent identities or scheduled tasks can call MCP tools, especially clawsec_approve_change and integrity/restore functions; (4) consider running the advisory cache service under a least-privileged account and limit write access to baseline directories; (5) if you cannot perform those checks, do not deploy to production. If you want more assurance, ask for the repository provenance (homepage, maintainer identity, and signed release artifacts) and run the included tests in a controlled environment.
lib/signatures.ts:156
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.
