Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Security Skill Scanner
v0.1.0Security scanner for ClawdHub skills - detects suspicious patterns, manages whitelists, and monitors Moltbook for security threats.
⭐ 4· 2.3k·4 current·4 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The description and instructions describe a Python/Bash-based scanner, whitelist manager, Moltbook monitor, and install-hook that can block installs — all reasonable for a 'security scanner' — but the package contains no code files or install spec. The SKILL.md expects scripts at /root/clawd/skills/security-skill-scanner/* and a Python module import, yet no such files are bundled. The metadata also fails to declare required runtimes (python3, bash). This inconsistency (claims vs. actual package contents) is a red flag.
Instruction Scope
Runtime instructions direct the operator to execute specific scripts (skill-scanner.py, whitelist-manager.py, moltbook-monitor.sh, install-hook.py), read/write files under /root/clawd and /tmp, add cron jobs, and modify shell profiles to wrap the molthub command. Those actions can affect system behavior and intercept skill installations. Because the scripts are not included, following the instructions would either fail or require fetching/creating external code — increasing risk.
Install Mechanism
There is no install specification and no code files. The SKILL.md assumes local scripts already exist or must be placed at /root/clawd/skills/security-skill-scanner. The lack of an explicit, auditable install source (git repo clone, release tarball, package manager entry) means a user or agent would need to obtain code from an external/unknown source before the described functionality can run — a high-risk situation.
Credentials
The skill declares no environment variables or credentials, which is proportionate for a scanner. However, the instructions recommend writing to system locations (/root, /var/log, /tmp), modifying ~/.bashrc to intercept installs, and scheduling cron jobs — actions that grant ongoing influence over the environment despite no explicit credential requests. No secrets are requested, but the recommended changes increase the skill's effective reach.
Persistence & Privilege
Although the registry flags do not force persistence, the SKILL.md encourages persistent installations: cron jobs for periodic scans and a shell wrapper for molthub to run the install-hook on every install. Those manual steps would give the scanner long-lived control over the install flow and logs; recommending them without bundled, reviewable code is a significant privilege escalation and should be treated cautiously.
Scan Findings in Context
[NO_CODE_FILES] unexpected: The skill's SKILL.md references multiple scripts and a Python module (skill-scanner.py, whitelist-manager.py, moltbook-monitor.sh, install-hook.py, permission-manager.py, data/whitelist.json), but the package contains no code files. This prevents verification of the behavior the SKILL.md describes.
What to consider before installing
Do not run or install this skill as-is. Before trusting it, obtain and review the referenced code (the repository or release artifact), confirm a secure install source (git tag or release on the project's homepage), and have someone with security knowledge audit the scripts for actions that alter shell profiles, create cron jobs, or intercept installs. If you must test, do so in an isolated VM or sandbox, and verify how the whitelist is managed (who can edit data/whitelist.json). Prefer an install spec that pins a known release and includes checksums or signatures; avoid adding the molthub wrapper or cron jobs until the code is reviewed and you understand uninstall/remediation steps.Like a lobster shell, security has layers — review code before you run it.
latestvk976sc47ba70d5rxsxtmhkzbx5809c2c
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔒 Clawdis