Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

rauto-usage

v0.2.3

Execute rauto directly for the user: run device commands, template execution, tx block, tx workflow, multi-device orchestration, replay, backup/restore, and...

Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's stated purpose is to execute rauto operations and the SKILL.md and reference files are tightly focused on running rauto CLI commands, tx/workflow/orchestrate flows, backups, and saved connections. That purpose aligns with the content. However, the metadata declares no required binaries or config paths even though the instructions assume a local 'rauto' CLI and access to runtime paths (e.g., ~/.rauto). The absence of a required-binary declaration is an inconsistency (could be an oversight) and the source/homepage are unknown.
Instruction Scope
The runtime instructions explicitly direct the agent to execute arbitrary rauto commands (including config-changing commands, orchestrations, and backup/restore) and to read/use saved connections, record files, backups, and templates. The references name exact filesystem locations (~/.rauto/*) and suggest using saved connections and potentially saved passwords. While the skill mandates confirmation for many destructive actions, it also directs 'Do not ask the user to manually run commands if agent can run them' and will execute read-only commands immediately and change commands when explicitly requested. This means the agent may read local files that can contain credentials and then execute commands that affect network devices. The instructions do not limit the agent from reading local saved connection files or backups when present.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — the lowest-risk install footprint. Nothing will be downloaded or written by an installer. The primary runtime risk comes from the agent executing local commands described in the documentation, not from any bundled code.
Credentials
The skill declares no required environment variables or primary credential, which is consistent with being instruction-only. However, the instructions rely on user-supplied credentials or saved connections stored under ~/.rauto (connection files, saved passwords, backups, records). That means the agent may request or read secrets from local saved-connection files or ask the user to enter credentials. The metadata does not call out access to those local config paths, which is a proportionality mismatch: the skill will operate on sensitive data but didn't declare config access explicitly.
Persistence & Privilege
always is false and the skill is user-invocable; model invocation is allowed (the platform default). Autonomous invocation combined with the ability to execute CLI commands increases the impact radius if the agent is allowed to act without explicit human confirmation. The skill itself requires confirmation for many destructive actions, which mitigates but does not remove the risk — this is a design choice rather than a secret privilege escalation.
Scan Findings in Context
[NO_CODE_FILES_TO_SCAN] expected: The regex-based scanner had nothing to analyze because this is an instruction-only skill (no executable code). That matches the package contents, but it means static findings provide no signal about runtime behavior.
What to consider before installing
This skill appears to be what it says — a playbook for running the 'rauto' CLI and guiding the agent to execute operations (including multi-device orchestration and backup/restore). Before installing or enabling it, consider the following:

  1. The SKILL.md assumes a local 'rauto' binary and access to ~/.rauto (saved connections, records, backups), but the metadata does not declare the rauto binary or config-path access; confirm the runtime environment actually has the rauto CLI and inspect where saved connections/backups live.
  2. Saved connections or the --save-password flow can hold plaintext or locally stored credentials — avoid instructing the agent to save passwords, and prefer providing per-operation credentials explicitly when needed.
  3. Rely on dry-run (--dry-run) and the skill's required confirmation for destructive actions; do not give blanket permission to run replace/restore or broad orchestrations without human review.
  4. If you are not comfortable with an agent that can execute local CLI commands against your devices, do not enable autonomous invocation; require manual confirmation for any change actions and review any proposed tx/workflow/orchestrate plans before allowing execution.
  5. If you need higher assurance, ask the skill author for a source/homepage and for the metadata to explicitly declare the required 'rauto' binary and any config paths it will read.


253 downloads
0 stars
2 versions
Updated 1d ago
MIT-0

Rauto Usage

Execute rauto operations directly for users whenever possible. Do not default to tutorial-style answers.

Core Mode

Prefer action-first behavior:

  1. Parse user goal and classify it as read-only or config-changing.
  2. For read-only operations, run the relevant rauto command immediately.
  3. For config-changing operations, prefer tx/tx-workflow/orchestrate with rollback-aware planning.
  4. If commands are generated by the agent, ask for human confirmation before execution.
  5. Return key results (not raw noise), plus command used.

Execution Rules

  1. For read/query requests, execute immediately:
    • examples: device list, connection list, history list, templates list, replay --list.
  2. For config-changing requests, prefer rollback-capable execution:
    • single block: tx
    • multi-step/multi-resource: tx-workflow
    • multi-device staged rollout: orchestrate
  3. For generated change commands, do not execute immediately:
    • show planned command(s), rollback strategy, and require user confirmation.
  4. For explicit read-only commands (for example show), tx/workflow is not required.
  5. Resolve connection in this priority:
    • explicit command args > --connection <name> > ask for missing fields.
  6. Do not ask the user to manually run commands if the agent can run them.
  7. Summarize outputs with important fields:
    • target, mode, success/failure, key errors, next action.

Risk Guardrails

Require explicit user confirmation before destructive actions:

  • rauto backup restore ... --replace
  • profile/template/connection delete operations
  • tx/workflow execution that changes config when user intent is ambiguous

Additional safety requirements for config changes:

  • Prefer tx/tx-workflow/orchestrate with rollback-aware planning over direct apply patterns.
  • Run/offer --dry-run first for workflow-based changes.
  • For orchestrate, review target scope, fail_fast, concurrency, and rollback boundary before execution.
  • Never auto-run agent-generated change commands without confirmation.
  • Include rollback path in the proposal before execution.

If the user explicitly asks to execute a destructive action, proceed.
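
The rules above live only in the prompt, so they hold only as long as the agent follows them; a wrapper around command execution can enforce them independently. The following is an added example, not part of the skill or of rauto: a gate that classifies a command line by the tokens named on this page and sends anything that is not clearly read-only to a human. Where those tokens sit in a real rauto command line is an assumption, and the dry-run requirement is a stricter reading than the skill's "Run/offer".

```python
import shlex

# Tokens below are the ones named on this page. Where they sit in a real
# rauto command line is an assumption, so danger is matched anywhere in the
# arguments (over-approximate) and read-only only as an exact prefix.
READ_ONLY_PREFIXES = {("device", "list"), ("connection", "list"),
                      ("history", "list"), ("templates", "list"),
                      ("replay", "--list")}
CHANGE_TOKENS = {"tx", "tx-workflow", "orchestrate"}
WORKFLOW_TOKENS = {"tx-workflow", "orchestrate"}
DESTRUCTIVE_TOKENS = {"--replace", "delete"}


def classify(command: str) -> str:
    """Return 'read-only', 'change', 'destructive' or 'unknown'."""
    argv = shlex.split(command)
    if not argv or argv[0] != "rauto":
        return "unknown"
    args = argv[1:]
    flags = {a.split("=", 1)[0] for a in args}  # treat --flag=value as --flag
    if flags & DESTRUCTIVE_TOKENS:
        return "destructive"
    if flags & CHANGE_TOKENS:
        return "change"
    if tuple(args[:2]) in READ_ONLY_PREFIXES:
        return "read-only"
    return "unknown"


def gate(command: str, confirmed: bool = False, dry_run_done: bool = False) -> str:
    """Decide 'run', 'confirm' or 'dry-run-first'; anything unclear needs a human."""
    kind = classify(command)
    if kind == "read-only":
        return "run"
    if not confirmed:
        return "confirm"
    args = set(shlex.split(command)[1:])
    # Stricter than the skill text, which only says to run/offer --dry-run:
    # a confirmed workflow change still waits for a completed dry run.
    if kind == "change" and args & WORKFLOW_TOKENS \
            and "--dry-run" not in args and not dry_run_done:
        return "dry-run-first"
    return "run"
```

Commands the gate cannot classify, such as exec with a device command, come back as "confirm" rather than being guessed at.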

Missing Input Strategy

Ask only for missing must-have fields:

  • For exec/template/tx/tx-workflow/orchestrate/connection test:
    • need either full host credentials or usable --connection.
  • For replay:
    • need record file path or JSONL source.
  • For history queries:
    • need connection name.

Response Format

When command is executed, report:

  1. Operation: what was run
  2. Command: exact rauto command
  3. Result: key output summary
  4. Notes: risk, errors, or follow-up actions

Navigation (Load References On Demand)

  • Agent execution decision tree and command templates: references/agent-execution.md
  • Full CLI command cookbook: references/cli.md
  • Runnable multi-device orchestration JSON templates (EN): references/orchestration-json-template.md
  • Multi-device orchestration pre-flight review: references/orchestration-risk-check.md
  • Runtime storage paths: references/paths.md
  • Troubleshooting and recovery: references/troubleshooting.md
  • End-to-end operation scenarios: references/scenarios.md
  • English Q/A examples: references/examples.md
  • Runnable workflow JSON templates (EN): references/workflow-json-template.md
  • Web tab/card mapping (only when user asks for Web operations): references/web.md
