Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
diff4 v1.0.0
Preview git diffs and files using the diff4 CLI. Use when the user wants to see code changes or review file contents securely via diff4.
by Randy (@djyde)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (high confidence)
Purpose & Capability
Name and description match the instructions: the skill runs a diff4 CLI to read git diffs or files and upload them. However the registry metadata lists no required binaries or env vars while the SKILL.md explicitly requires the diff4 CLI and references DIFF4_PASSPHRASE/DIFF4_SERVER environment variables — this mismatch is incoherent.
Instruction Scope
Runtime instructions tell the agent to run git diffs and read arbitrary file paths (absolute or relative) and then encrypt & upload them. Reading arbitrary files and uploading them (even encrypted) is a potential exfiltration vector. SKILL.md also directs key-gen to update shell rc files (replacing DIFF4_PASSPHRASE), which is a persistent side-effect not declared in the skill metadata.
Install Mechanism
No install spec is included in the registry, but the SKILL.md requires installing `@diff4/cli` via `npm i -g`. The absence of an install specification in the package metadata is an inconsistency: the skill expects a third-party npm package but does not declare or vet an install source or origin.
Credentials
The skill metadata declares no required environment variables, yet SKILL.md uses DIFF4_PASSPHRASE (for encryption) and DIFF4_SERVER (server override). The instructions also state key-gen will replace passphrases in shell config — this implies write access to user shell files. The presence of unspecified env/config manipulation is disproportionate to the metadata and should be declared explicitly.
Persistence & Privilege
The skill is not always-enabled and does not request special platform privileges. However, its key-gen behavior writes/updates shell config (persistent change to the user's environment), which is a sensitive side-effect that was not declared as a config-path requirement.
What to consider before installing
This instruction-only skill appears to do what it says (preview and share diffs) but has several red flags:
(1) the SKILL.md requires the third-party `@diff4/cli` npm package though the registry lists no install requirements — verify the exact npm package name and publisher before installing;
(2) the instructions reference DIFF4_PASSPHRASE and DIFF4_SERVER though no env vars are declared — expect to provide/store a passphrase and be aware key-gen will modify your shell rc file;
(3) the tool reads arbitrary file paths and uploads encrypted blobs to an external server (default https://diff4.com) — even encrypted uploads can leak sensitive content if the passphrase or server are compromised;
(4) there is no homepage or source listed, so the origin is unknown.
Recommended actions before installing: confirm the official diff4 project (homepage, repo, npm publisher), inspect the npm package contents for unexpected code, prefer a self-hosted server or verify TLS/PKI for diff4.com, and avoid using the skill to upload secrets or system files until you trust the package and server. If you plan to use it, explicitly set and manage DIFF4_PASSPHRASE and review how key-gen updates shell configs.
