Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ralph Quick Security Check

v3.0.0

Fast security spot-check with 10 iterations (~5-10 min). Use when user says 'quick security check', 'pre-deploy audit', 'ralph quick', 'fast security scan',...

0 · 674 · 0 current · 0 all-time

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious

OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (quick security spot-check) align with the instructions: the SKILL.md explicitly directs repository discovery, secret and OWASP-style checks, and lightweight infra checks. No unrelated binaries, env vars, or external services are requested.
Instruction Scope
Instructions require reading repository files (git metadata, package manifests, Dockerfiles, CI configs, source code) and saving a report to .ralph-report.md — all relevant to the stated purpose. Be aware the VERIFY step allows code reading and 'PoC' style verification (VERIFIED), which could lead the agent to execute or construct proofs-of-concept if the agent is permitted to run commands; that behavior is coherent for a security audit but raises operational risk and should be limited or sandboxed in production environments.
Install Mechanism
Instruction-only skill with no install spec and no code files; no downloads or external packages are pulled. Low install risk.
Credentials
No environment variables, credentials, or config paths are requested. The checks are file- and repo-focused, so required access is proportionate to the stated purpose.
Persistence & Privilege
The always flag is false and the skill does not request persistent system-wide privileges. It writes or renames a report file in the workspace (.ralph-report.md), which is expected behavior for an audit tool; it does not claim to modify other skills or agent configs.
Assessment
This skill is internally consistent for a quick repo-focused security spot-check. Before installing or running it:

- Ensure the agent runs in a safe workspace or a checked-out copy (it will read source code, CI files, Dockerfiles and may rename or write .ralph-report.md).
- If you do not want any code executed, restrict the agent from running shell commands or performing PoC verification; treat VERIFIED findings that require PoC as manual actions.
- Review report outputs and any file renames before committing them to source control.
- Prefer running this skill on non-production or CI snapshots when you want it to perform any potentially disruptive verification steps.

If you need stricter guarantees (no execution, no writes), require the skill to operate in read-only mode or provide a configuration that disallows PoC/execution steps.

latest: vk97fkpp2qxmc7w37d2jnf0m1gh81e445

Runtime requirements

🔍 Clawdis
