Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Where are you from

v1.0.1

An enterprise-grade asset manager that tracks, manages, and automatically syncs OpenClaw skills capabilities and sources to your GitHub.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to scan installed skills and optionally push manifests to your GitHub — and the code implements scanning, manifest generation, git commit, and git push. However the package/registry metadata lists no required binaries or env vars while both SKILL.md and the code clearly require Node.js and Git. That mismatch (no declared required binaries despite Node/Git being prerequisites) is an incoherence the user should be aware of.
Instruction Scope
Runtime instructions and code limit scanning to configured roots (default: ~/.openclaw/skills and ./skills) and explicitly mask credential-like patterns before writing manifests, which is consistent with the stated purpose. Two noteworthy points: (1) the sync workflow can perform network operations (git push) to a configured remote — SKILL.md promises a confirmation prompt but the agent-run automation model could attempt to invoke this workflow; (2) the sync --push path uses an interactive readline prompt for confirmation, which may block or behave unexpectedly if invoked non-interactively by an agent.
Install Mechanism
There is no install spec (the skill is distributed as source files and intended to be run with Node.js). No external download URLs or package installs are performed by the skill itself, so disk writes are limited to config and manifest files it explicitly creates. This is low install-surface risk, but remember it writes manifests and .gitignore and initializes git repos in the workspace.
Credentials
The skill requests no environment variables or credentials in metadata, and the implementation relies on the existing local git auth (SSH keys or credential helpers) rather than explicitly asking for a GITHUB_TOKEN. This is reasonable but should be explicit: if you want pushes to succeed you must provide git-authentication out-of-band. The code reads user home paths (process.env.HOME / USERPROFILE) and a skills.lock file if present — those are relevant to detecting skill origins. No other unrelated credentials are requested.
Persistence & Privilege
The skill is not marked always:true and does not request permanent elevated privileges. It can be invoked autonomously by default (disable-model-invocation is false), which is platform-default and expected for agent skills, but combining autonomous invocation with filesystem scanning and optional pushes increases risk surface — consider whether you want the agent to run sync/push workflows without explicit, per-action approval.
What to consider before installing
What to check before installing / running this skill:

- Required tools: The code and README require Node.js (v14+) and Git, but the registry metadata lists no required binaries. Install Node and Git first and be prepared to provide Git authentication (SSH key, credential helper, or token) for pushes to work.
- Review searchRoots: The default scan roots are ~/.openclaw/skills and ./skills. Edit ~/.openclaw/inventory.json before scanning to avoid cataloging or pushing folders you do not want exposed.
- Inspect the generated manifest before pushing: The tool masks common key patterns, but automatic masking is not perfect. Run inventory sync locally, open SKILLS_MANIFEST.md/SKILLS_MANIFEST.json, and verify there are no secrets or sensitive contents before running sync --push.
- Understand network behavior despite SECURITY.md: The included SECURITY.md incorrectly states "no network requests"; git push will contact remote repositories if you instruct it to push. If you do not want any network activity, avoid running sync --push or do not configure a remote.
- Be cautious with autonomous invocation: Because the agent can invoke this skill, an automated agent could run scanning and attempt to push manifests. If you prefer manual control, disable autonomous invocation for this skill or ensure prompts are required and handled by a human.
- Sandbox first: Run the tool in a safe test folder (or with a temporary git repo without a remote) to observe its behavior: bootstrap -> status -> sync (without --push), and confirm manifest contents and masking behavior.

If you want to proceed, keep autoPush:false (the default) and explicitly review manifests before any push. If anything in the manifest looks surprising, do not push; investigate the source folders and SKILL.md files the tool discovered.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
utils/gitManager.js:10: Shell command execution detected (child_process).


Tags: inventory, latest, management, openclaw, skills
