OpenScan

v1.0.0

Scan binaries and scripts for malicious patterns before trusting them. Use when installing skills, evaluating unknown binaries, or auditing tool dependencies.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
Name, README, SKILL.md and implementation align: a Node.js-based static scanner for Mach-O/ELF/scripts. Declared platform/node constraints match code. No unrelated environment variables, binaries, or install steps are requested.
Instruction Scope
Runtime instructions and code stay within scanning/auditing scope (reading files, parsing binaries, computing hashes, pattern matching). However, scanner.js uses child_process.execSync to run codesign via a constructed shell command: execSync(`codesign --verify --deep --strict "${filePath}" 2>&1`, ...). Because execSync is called with a shell string and an unescaped filePath is interpolated inside double quotes, a filename containing a double quote or other shell metacharacters could terminate the quoted string and inject shell commands. This is a command-injection vulnerability when scanning attacker-controlled paths or untrusted skill folders. The scanner also reads entire directories and files (whose contents may include passwords or secrets), so while it does not exfiltrate anything by itself, the scanned data can be sensitive and should be handled with caution.
Install Mechanism
No install spec; code is bundled in the skill. No remote downloads or archive extraction. This is low risk from an install-mechanism perspective.
Credentials
The skill requires no environment variables, credentials, or config paths. All filesystem access is for scanning; there are no network endpoints, API keys, or unrelated credentials requested.
Persistence & Privilege
Skill is not always-enabled, does not request elevated platform privileges, and does not modify other skills or system agent configuration. Autonomous invocation is allowed (platform default) but not by itself problematic here.
What to consider before installing
This skill appears to implement what it advertises (static scanning) and has no credential requests, but exercise caution before using it on untrusted inputs or integrating it automatically:
1) The code runs a shell command (codesign) with an interpolated file path via execSync — that can be abused if an attacker controls a filename. Prefer a patched version that uses child_process.execFile / spawn with an args array or properly escapes/sanitizes paths.
2) The scanner reads file contents and computes hashes; do not run it on directories containing secrets unless you trust its environment.
3) There is a small metadata inconsistency (homepage vs. package repository); verify the origin (author/repo) before trusting it.
Recommended actions: review/patch the codesign invocation, run the tool in an isolated environment (container/VM) until patched, or only scan files from trusted sources.

Like a lobster shell, security has layers — review code before you run it.

latest: vk971gsrsh9esa193mmsns2aw4n80qf87


Runtime requirements

🛡️ Clawdis
