Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Clawhub Upload
v1.0.4
macOS security monitoring for OpenClaw
by Maclaw @drg3nz0
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The README/SKILL.md claim “52+ tasks”, many advanced detectors, and remote/Pro features, but the actual code implements only seven commands (camera-status, microphone-status, firewall-status, vpn-checker, open-ports, wifi-scanner, block-app). The marketing/upgrade messaging is disproportionate to the implemented capability (upsell behavior). Declared permissions (fs.read, network) are broader than what the code uses (the code only executes local commands).
Instruction Scope
SKILL.md explicitly requests exec, fs.read, and network permissions and instructs npm installation; the runtime code relies on exec to run lsof, scutil, system_profiler and socketfilterfw (local commands) and does not read files or make network calls. The skill text also promises 'All monitoring stays on your Mac' and pro features that would send alerts externally — but those are not implemented in the shipped code. This mismatch is scope creep/marketing inconsistency.
Install Mechanism
Registry metadata lists no install spec even though package.json and SKILL.md instruct installing via npm (npmjs package and GitHub repo URLs present). There is no remote download in the registry spec, and the included code is local; still, the SKILL.md recommends npm install which means users should verify the npm package and repository authenticity before installing.
Credentials
The skill requests no environment variables, which is good, but its declared OpenClaw permissions include fs.read and network even though the code does not use them. Network permission would increase blast radius if exercised in future updates (ability to exfiltrate). The requested exec permission is appropriate for the implemented local checks.
Persistence & Privilege
always is false and the skill does not request persistent background monitoring or modify other skills. The skill's block-app command is a stub that returns an upsell message rather than performing destructive actions.
What to consider before installing
This package runs local macOS commands (lsof, scutil, system_profiler, socketfilterfw) to report camera/microphone, firewall, VPN, open ports and Wi‑Fi security — that behavior is visible in the included source and does not send data out. However: the documentation and metadata overstate capabilities (many features listed in README are not implemented) and declare fs.read and network permissions that the code doesn't use. Before installing:
1) verify the npm package and GitHub repo are authentic (owner, recent commits, stars, issues),
2) inspect the published package contents (or install in a sandbox/VM) to confirm no network calls or file reads are added,
3) be cautious granting broad permissions (network/fs.read) because future updates could use them to exfiltrate data, and
4) treat the 'block-app' feature as a marketing stub (it does not actually remove apps in the shipped code).
If you want this skill, prefer installing from the verified npm package or source and run it in a controlled environment first.
Like a lobster shell, security has layers — review code before you run it.
latestvk97c9yan0x92293gmmdff54h6n80wxmj
