ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

openclaw-fallback-skill

v1.0.0

Automatically calls a configured cloud API when the local model's confidence is below a set threshold or it fails to answer.

0· 75·0 current·0 all-time
by@dream458268696
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's stated purpose is to call a cloud model only when the local model is uncertain. However, the shouldFallback() implementation always returns true (unconditional fallback), meaning it will call the cloud model on every request. That behavior is inconsistent with the description and likely disproportionate to the intended purpose.
!
Instruction Scope
Runtime instructions and code send system prompt, recent conversation history, and any context.metadata.userInfo to the configured external API. That can leak user data/PII to the remote model; the skill also tests the API on init (sends a 'ping') which will transmit the API key and request details immediately.
Install Mechanism
This is an instruction-plus-code skill with no platform install spec; readme asks to run 'npm install axios'. No remote downloads or extract steps are present, which limits supply-chain risk, but you must run npm to install axios (a normal dependency).
!
Credentials
The skill does not require environment variables but ships a config.json containing an API key (sk-6cbc...) and apiUrl. Including a long-lived secret in the repository/config file is disproportionate and risky. The skill will use that key to authenticate requests; ideally keys should be provided at runtime via secure config or environment and not committed to the package.
Persistence & Privilege
The skill does not request always:true and does not modify other skills; autonomous invocation is allowed (platform default). Combined with the unconditional fallback behavior, autonomous invocation increases the chance of unintended data exfiltration to the external API.
What to consider before installing
Don't install this into a production agent without remediation. Key actions to consider before use: - Treat the included config.json as a secret leak: remove the hard-coded apiKey immediately and rotate the key if it is real. - Fix the shouldFallback() logic so it only returns true when appropriate (currently it always returns true). - Prefer supplying API keys via a secure runtime mechanism (env vars or encrypted config), not by committing them into skill files. - Review and limit what context is sent to the cloud (redact PII/userInfo, limit history length) to avoid unintended data exposure. - Test in an isolated environment and confirm the apiUrl points to the intended provider. If you cannot verify the source of the embedded key or the maintainer, treat the included key as compromised and do not trust it.

Like a lobster shell, security has layers — review code before you run it.

latestvk97chxdvzkv2gjdva26krdpte983k8qr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments