Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Workspace Guard

v1.0.0

Workspace boundary enforcement and file operation safety checks. Use before ANY file operation (read, write, edit, exec, delete) to: (1) Validate paths are w...

by dougchambers @dougchambes
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to enforce workspace boundaries (~/openclaw) but hardcodes /home/iamlegend/.openclaw/workspace in many places. That hardcoded username makes the guard unusable or incorrect for other users and is disproportionate to a generic 'workspace guard' which should derive the workspace from $HOME or a config. Several examples (audit log path /workspace/memory/audit.log, blocked /home/** rules vs allowed /home/iamlegend/**) conflict with the stated workspace root.
Instruction Scope
Instructions contain sensible pre-flight checks, but show contradictions and risky patterns: guard_exec's regex (/home/[^/]+|/etc/|...) will match the legitimate workspace path and can mislabel safe commands as touching external paths; guard_path does not allow the workspace root itself (only workspace/*) while other docs say the root is allowed; logging functions write to /workspace/memory/audit.log but other examples reference memory/audit.log (relative) — inconsistent targets. The skill also suggests expanding env vars and using eval on paths, which if used carelessly can introduce command injection risk in agents that pass untrusted strings to eval.
Install Mechanism
Instruction-only skill with no install spec or remote downloads — lowest install risk. There is no code written to disk by an installer.
Credentials
The skill requests no credentials or config paths, which is appropriate. However it relies on $HOME/tilde expansion and hardcoded /home/iamlegend; it should instead use $HOME or a configurable workspace variable. Also it references reading/writing an audit log path outside the declared workspace (e.g., /workspace/memory/...), which is disproportionate unless explained.
Persistence & Privilege
The skill is not always:true and does not request system-wide changes. Autonomous invocation (disable-model-invocation:false) is the platform default — not a standalone red flag here. There is no install-time persistence requested.
What to consider before installing
This skill is plausible for enforcing file boundaries but has several implementation issues you should address before trusting it: (1) Replace hardcoded /home/iamlegend with a configurable workspace root (default to $HOME/.openclaw/workspace). (2) Ensure all log and state files are placed inside that workspace (audit log path should be under the workspace) and fix inconsistent absolute vs relative paths. (3) Fix regexes that overmatch (guard_exec's /home/[^/]+ will flag the user's own workspace); avoid patterns that treat legitimate workspace paths as external. (4) Avoid using eval on user-supplied paths or sanitize inputs to prevent injection. (5) Make behavior around the workspace root (exact path vs children) consistent. If the author cannot justify the hardcoded paths or the audit/log locations, treat the skill as untrusted. If you plan to install, ask the author for a configurable workspace variable, confirm log locations, and prefer a reviewed/parametrized version.

Like a lobster shell, security has layers — review code before you run it.

latest vk9756rs0gmdy8kgjsvwqsggma583b4a7
