Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ClawBridge

v1.1.1

Mobile-first dashboard for OpenClaw agents showing real-time activity, token costs, and cron task control from your phone.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The declared capabilities (Node app sidecar, local dashboard, token tracking, optional Cloudflare tunnel) match the dependencies and files the SKILL.md describes (node/npm, .env with ACCESS_KEY, user-level systemd service, optional cloudflared). Minor inconsistency: registry metadata listed no install spec/envs, while the SKILL.md contains explicit install instructions and environment variables (ACCESS_KEY, TUNNEL_TOKEN, etc.). That mismatch is noteworthy but explainable (instruction-only skill embeds its own install steps).
[!] Instruction Scope
The SKILL.md instructs the agent/user to run a remote install script (curl ... raw.githubusercontent.com | bash), register a user-level systemd service (~/.config/systemd/user/clawbridge.service), write a .env with an ACCESS_KEY and optional tunnel token, and optionally download and run cloudflared for a remote tunnel. These steps grant the skill persistent presence, outbound connectivity, and the ability to run arbitrary code fetched at install/update time. The instructions are somewhat high-level (no explicit safety checks) and allow the installer to enable remote access — this broad scope increases risk if the fetched scripts are malicious or compromised.
[!] Install Mechanism
Installation is performed by piping a script from raw.githubusercontent.com into bash (curl -sL https://raw.githubusercontent.com/dreamwing/clawbridge/master/install.sh | bash). Download-and-execute from a remote URL is a high-risk install pattern because it runs arbitrary remote code at install and update time. While GitHub raw URLs are common for open-source installs, they still require manual review. The install may also fetch cloudflared and place binaries under skills/clawbridge/, creating executable artifacts on disk.
Credentials
Environment variables listed in the SKILL.md (ACCESS_KEY generated at install, PORT, TUNNEL_TOKEN, ENABLE_EMBEDDED_TUNNEL, OPENCLAW_PATH) are reasonable for a dashboard/tunnel service. No unrelated cloud credentials or broad secrets are requested. However, TUNNEL_TOKEN is sensitive (it grants remote access to the tunnel) and ACCESS_KEY is stored in a local .env; users should understand where secrets are stored and who can read skills/clawbridge/.env.
[!] Persistence & Privilege
The skill registers a user-level systemd service that auto-starts on login and restarts on failure, and may download/run cloudflared for remote access. This gives the skill persistent background execution under the user account and network reachability (if tunneling enabled). 'always' is false and model invocation remains allowed (normal), but persistence combined with remote-access capability and remote script updates increases blast radius compared to a transient instruction-only skill.
What to consider before installing
Before installing:
(1) Do NOT pipe the install URL directly to bash without inspection — fetch https://raw.githubusercontent.com/dreamwing/clawbridge/master/install.sh and review its contents first;
(2) Verify the project source and release authenticity (the registry listing shows 'source unknown' while SKILL.md references dreamwing/clawbridge and a homepage), and prefer installing from a pinned release or reviewing the repo history;
(3) Understand persistence: the installer creates a user systemd service and writes skills/clawbridge/.env (which will contain ACCESS_KEY and optional TUNNEL_TOKEN). Keep TUNNEL_TOKEN private and only enable remote tunnels if you trust the code and host; consider alternative remote access (VPN) if you need stronger control;
(4) If you cannot audit the install script, consider running in a restricted/sandboxed environment or avoid installing.
Finally, inspect what data the dashboard will read (agent logs, token usage) to confirm you're not exposing sensitive data to a remote endpoint.
