Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

network-device-scanner

v1.0.1

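Scans the local network for active devices and their open ports, and returns a formatted Markdown table. Trigger scenarios: (1) the user says "check which devices are nearby", "scan nearby devices", "see which devices are on the network", or "which devices are on the LAN"; (2) the user mentions queries related to IP addresses, MAC addresses, or port scanning.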

by Li Xudong @doooxu
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The name/description (LAN device + port scanning) aligns with the provided Python and Node scripts which perform ARP/ping discovery and TCP port scans. However both scripts are hard-coded to the 172.16.10.0/24 subnet and include a hard-coded additional IP (172.16.10.234). That restriction is surprising/unhelpful for general use and may not match a user's actual LAN. The SKILL.md also references a PowerShell script (scripts/scan.ps1) for Windows but that file is not present in the bundle (incoherence).
Instruction Scope
SKILL.md instructs running local scripts that will actively probe devices via ARP, ping, and TCP connects to multiple ports — this is within the stated scope. Note: the skill performs active network scans which can be noisy and, when run against networks you don't own/authorize, may be legally or operationally problematic. The SKILL.md warns 'only for user-owned networks' but does not (and cannot) enforce that.
Install Mechanism
No install spec; this is instruction-plus-scripts only. No external downloads or package installs are declared. The code relies on locally available tools (arp, fping, nmap, ping) if present, which is reasonable and low-risk from an install perspective.
Credentials
The registry metadata declares no required environment variables or credentials. The Python script, however, reads SCAN_EXTRA_IPS from the environment to add extra targets (defaulting to 172.16.10.234 if unset). That env-var use is minor but undocumented in SKILL.md metadata. No sensitive credentials are requested or used.
Persistence & Privilege
The skill does not request persistent inclusion (always:false) and does not modify system or other skills' configs. It simply runs local scripts when invoked.
What to consider before installing
Before installing or running this skill:
(1) Review the scripts yourself — they will actively probe IPs and ports on your local network (ARP, ping, TCP connect). Running them on networks you don't own or without permission can be illegal or disruptive.
(2) Note the scripts are hard-coded to 172.16.10.0/24 and add 172.16.10.234 — edit the NETWORK/addresses or set SCAN_EXTRA_IPS if you need a different subnet.
(3) SKILL.md mentions a Windows PowerShell script (scripts/scan.ps1) that is not included; Windows instructions as written will fail.
(4) The tool does not exfiltrate results to external endpoints, but prints scan output locally — still treat scan output as sensitive.
(5) Prefer running in a controlled environment or test VLAN first; if you proceed, run the Python/Node files with a non-privileged account and monitor network/security policies.
If you need higher assurance, ask the publisher for a missing PowerShell script and for the ability to configure target subnet via parameters rather than hard-coded values.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/scan.cjs:18: Shell command execution detected (child_process).

Like a lobster shell, security has layers — review code before you run it.
