Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Claw Code Suite (Python-Only Edition)
v1.0.1
Python-only integration of the Claw Code harness engineering project with OpenClaw. Provides access to 184 tools and 200+ commands for security analysis, code qu...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (Python-only port of Claw Code exposing many tools) matches the included Python source that enumerates 184 tools / ~200 commands. Requiring only python3 is proportionate. However the repository contains artifacts that don't fully align with a minimal Python-only offline toolset: package.json and capability index entries referencing TypeScript/TSX sources (WebFetchTool, WebSearchTool, many TS/JS command sources), README/CLAW.md/PARITY.md text that references a removed Rust workspace and network-capable services, and a telemetry folder mentioned in SKILL.md. These leftovers and references are plausible for a large port but introduce ambiguity about what actually runs.
Instruction Scope
SKILL.md instructs running run.sh and executable harness wrappers (claw_harness.py, claw_harness_enhanced.py, claw_wrapper.py) and exposes 'exec-tool' and 'exec-command' operations. The skill asserts 'NO NETWORK ACCESS' and offers a grep-based verification (searching Python imports for requests/http.client/urllib/socket), but that verification is limited and can miss other network-capable code (third-party binaries, subprocesses that call curl/ssh, or modules that open sockets without obvious imports). Files of concern to inspect before running: run.sh, claw_harness*.py, claw_wrapper.py and scripts/, verify-security*.sh, remote_runtime.py, upstreamproxy modules, and any telemetry/event-logging code. The instructions provide broad execution capabilities (running tools/commands) which could run arbitrary payloads if the harness or wrappers call subprocesses or accept unvalidated inputs.
Install Mechanism
No install spec is provided (instruction-only), so nothing will be downloaded or written to disk by an installer. All code is bundled with the skill, which reduces supply-chain risk from external downloads but increases the need to audit the included files because they will be executed locally if invoked.
Credentials
The skill declares no required credentials and only optional environment variables for local configuration (CLAW_CODE_WORKSPACE, CLAW_CODE_TIMEOUT_SEC, etc.), which is proportionate. That said, the tree references telemetry, upstream/remote modules, and capability entries for web-related tools — none of which appear as required env vars or credentials in SKILL.md. The mismatch (no declared creds but presence of telemetry/remote artifacts) is suspicious and should be verified: ensure telemetry is local-only and remote modules are inert or stubbed.
Persistence & Privilege
The skill does not request 'always: true' and uses default invocation settings (user-invocable, agent-autonomous invocation allowed). It does not declare modifications to other skills or system-level settings. No persistence or privilege escalation markers were found in the manifest.
What to consider before installing
This package appears to be a large Python port of a complex project and is not obviously malicious, but it contains multiple artifacts that contradict the SKILL.md's strong 'offline / no network' claim. Before installing or running:
1) Manually inspect run.sh, claw_harness.py, claw_harness_enhanced.py, claw_wrapper.py and scripts/* for subprocess.call/exec, socket usage, or code that invokes external binaries.
2) Grep the full tree (not only Python imports) for network indicators: 'socket', 'requests', 'urllib', 'http.client', 'aiohttp', 'websocket', 'curl', 'wget', 'ssh', 'scp', 'nc', 'telnet', "open('http", or any HTTP URL strings.
3) Review telemetry/event-logging code to confirm it writes locally only and does not post to external endpoints.
4) Check the verify-security*.sh scripts to see what they scan and what they might miss.
5) Run the skill in an isolated sandbox or disposable VM, with network disabled, to observe runtime behavior and outputs.
6) If you need stronger assurance, ask the maintainer for an audit log or minimal reproducible example showing that network/credential paths are absent at runtime.
Given the repository size and references to remote-capable subsystems (even if removed), exercise caution and audit the harness wrappers before trusting automated execution.
Tags: latest · offline · python · security-audited
Runtime requirements
🦞 Clawdis
Bins: python3
