Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Create Skill
v1.0.0 · Guide for creating and importing skills. Use when users need to create or import skills.
⭐ 0 · 336 · 5 current · 5 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
Name/description (create/import skills) align with the delivered artifacts: SKILL.md plus two helper scripts for unzipping and registering skills. No unrelated env vars, binaries, or network endpoints are requested.
Instruction Scope
SKILL.md explicitly instructs the agent/operator to run the included Python scripts to extract zip packages and register skill folders. Those instructions require the agent to execute bundled code that performs filesystem operations and copies files into the user's home directory; this goes beyond passive guidance and grants the skill the ability to place persistent files on disk. The SKILL.md also strongly insists 'under no circumstances generate other scripts', which is restrictive and forces reliance on the bundled scripts.
Install Mechanism
There is no install spec (instruction-only), but the package includes two extraction/registration scripts that will create directories and copy files. The unzip implementation uses zipfile.extractall in its fallback path and, in its primary path, joins the destination directory with archive member names without sanitizing them, making it susceptible to Zip Slip / path traversal (archive entries such as '../../x' or absolute paths could write outside the intended directory). This is a high-risk pattern for any skill that extracts zip files it did not produce itself.
Credentials
No environment variables, credentials, or unrelated configuration paths are requested. The scripts act on local filesystem only (user home directory), which is proportionate for a skill-registration/import utility—but still notable because writing to ~/.easyclaw/skills persists content on disk.
Persistence & Privilege
The registration script copies a provided skill folder into ~/.easyclaw/skills, creating persistent files under the user's home directory. While expected for a registration tool, combined with the unzip script's lack of sanitization this allows a malicious zip to install arbitrary files persistently. always:false and normal autonomy settings reduce systemic privilege concerns, but the script still makes durable changes to the user's environment.
What to consider before installing
This skill is coherent with its stated purpose, but it includes two Python helpers that extract zip files and copy folders into ~/.easyclaw/skills. Before running anything:
- Inspect the zip contents manually rather than running the unzip script on untrusted zips (look for '../' or absolute paths and unexpected executable files).
- Review the two Python scripts (easyclaw_unzip_skill.py and easyclaw_register_skill.py) yourself — note the unzip fallback uses zipfile.extractall and the code does not sanitize archive member paths (Zip Slip risk).
- Run extraction/registration in a safe sandbox (isolated VM, container, or non-privileged account) if you must handle untrusted packages.
- If you control the package, consider extracting manually and verifying SKILL.md and scripts before registering.
- If you plan to automate imports, add path-sanitization checks (reject entries with '..', absolute paths, or unexpected permissions) and limit where files can be written.
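The path-sanitization check the list above recommends, written out as an added example for this page; it is not code from the skill's own easyclaw_unzip_skill.py or easyclaw_register_skill.py, and the names build_sample_zip, check_member, safe_extract and demo are hypothetical. It builds a constructed archive in memory with one benign entry, a '../' entry, an absolute-path entry and a setuid file, then extracts only the entries that stay under the destination and clamps their permissions. It also serves as a reference point for the Install Mechanism finding: CPython's own ZipFile.extractall has stripped absolute-path prefixes and '..' components for years (the fix landed in the 2.7 and 3.3 lines), so the traversal hazard in a script like this one lives in any manual os.path.join(dest, member.filename) write path, not in the extractall fallback itself; the check below validates the resolved target regardless of which API writes the file.

```python
import io
import os
import stat
import tempfile
import zipfile
from pathlib import Path


def build_sample_zip() -> bytes:
    """Constructed test archive (not a real skill package): one benign entry,
    a '../' Zip Slip entry, an absolute-path entry, and a file whose stored
    unix mode carries the setuid bit."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("skill/SKILL.md", "# demo skill\n")
        zf.writestr("../../outside.txt", "escaped\n")
        zf.writestr("/etc/cron.d/evil", "payload\n")
        info = zipfile.ZipInfo("skill/run.sh")
        # the unix mode of a zip entry lives in the high 16 bits of external_attr
        info.external_attr = (stat.S_IFREG | 0o4755) << 16
        zf.writestr(info, "#!/bin/sh\n")
    return buf.getvalue()


def check_member(member: zipfile.ZipInfo, dest: Path):
    """Return a rejection reason for an archive entry, or None if it may be
    written under dest. Checks the raw name first, then the resolved path."""
    name = member.filename
    # absolute paths: POSIX '/', Windows '\' or a drive letter prefix
    if name.startswith(("/", "\\")) or os.path.isabs(name) or (len(name) > 1 and name[1] == ":"):
        return "absolute path"
    if ".." in name.replace("\\", "/").split("/"):
        return "path traversal"
    unix_mode = (member.external_attr >> 16) & 0o177777
    if stat.S_ISLNK(unix_mode):
        return "symlink entry"
    if unix_mode & (stat.S_ISUID | stat.S_ISGID):
        return "setuid/setgid bit"
    # belt and braces: the resolved target must still sit inside dest
    root = str(dest.resolve())
    target = str((dest / name).resolve())
    if os.path.commonpath([root, target]) != root:
        return "resolves outside destination"
    return None


def safe_extract(zip_bytes: bytes, dest: Path):
    """Extract only entries that pass check_member. Returns (extracted, rejected),
    where rejected maps entry name to reason. File modes are clamped to 0o755."""
    dest = dest.resolve()
    extracted, rejected = [], {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for member in zf.infolist():
            reason = check_member(member, dest)
            if reason is not None:
                rejected[member.filename] = reason
                continue
            target = dest / member.filename
            if member.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(member) as src, open(target, "wb") as dst:
                dst.write(src.read())
            # keep owner/group/world r-x bits at most: no group/world write, no suid/sgid/sticky
            mode = (member.external_attr >> 16) & 0o777
            os.chmod(target, (mode or 0o644) & 0o755)
            extracted.append(member.filename)
    return extracted, rejected


def demo():
    """Run the extractor on the constructed archive inside a scratch directory."""
    with tempfile.TemporaryDirectory() as tmp:
        dest = Path(tmp) / "skills"
        extracted, rejected = safe_extract(build_sample_zip(), dest)
        skill_md = (dest / "skill" / "SKILL.md").read_text()
    return {"extracted": extracted, "rejected": rejected, "skill_md": skill_md}


if __name__ == "__main__":
    print(demo())
```

Rejecting an entry rather than silently renaming it is deliberate: a skill package that contains a traversal path is malformed at best and hostile at worst, so the import should fail loudly and the operator should look at the archive before anything is copied into ~/.easyclaw/skills.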
If you want, I can point out the exact lines in the scripts that are risky and suggest safer extraction code you can use.
Like a lobster shell, security has layers — review code before you run it.
latest · vk97c8fe32kygtkwysb1ck1zvbx828rap
