Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Oh My Zsh Manager
v0.1.0
Oh My Zsh management. plugin - Add/install plugins to .zshrc plugins=() array [plugin.md], custom - Write $ZSH_CUSTOM/*.zsh based on requirements [custom.md]...
by es6kr@drumrobot
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's stated purpose (manage Oh My Zsh plugins and custom files) matches the instructions. However, it omits declaring practical runtime requirements: external plugin installation requires 'git' and the skill references $ZSH and $ZSH_CUSTOM without listing them in requires.env or required binaries. This omission is an incoherence between claimed capabilities and declared requirements.
Instruction Scope
Instructions explicitly tell the agent to modify user files (~/.zshrc and $ZSH_CUSTOM/*.zsh) and to clone arbitrary GitHub repositories. Those actions are within the skill's purpose but are powerful file- and network-level operations. Additionally, SKILL.md includes a 'self-improve' step that directs the agent to run '/skill-manager upgrade omz' after invocation, which causes the agent to attempt to upgrade the skill itself — this is scope-creep that can lead to unexpected self-modification if executed without explicit user consent.
Install Mechanism
There is no install spec (instruction-only), which reduces disk-side risk. However, external plugin installation relies on 'git clone' from third-party repos (GitHub). Because the skill will advise or perform network clones, the effective runtime requires network access and git; those expectations should be declared.
Credentials
The skill declares no required environment variables or credentials, yet instructions reference $ZSH and $ZSH_CUSTOM and default paths. While these are not secrets, the mismatch between declared env requirements and referenced env variables is a coherence issue. No sensitive credentials are requested, which is appropriate.
Persistence & Privilege
The skill does not request always:true and does not require special system-wide privileges. The only persistence-related concern is the 'self-improve' instruction to run '/skill-manager upgrade omz' — it instructs the agent to upgrade the skill after use, which could change the skill's behavior over time if performed automatically. This should be clarified or gated by explicit user confirmation.
What to consider before installing
This skill appears to do what it says (manage Oh My Zsh plugins and write custom zsh files), but there are three things to watch for before installing or allowing it to run: (1) It references and will likely use git to clone external plugins but doesn't declare 'git' as a required binary — ensure git is present and be aware clones download and run third-party shell code. (2) It reads/writes ~/.zshrc and $ZSH_CUSTOM/*.zsh — allow it only if you trust the changes; review any proposed file content before writing. (3) The SKILL.md tells the agent to run '/skill-manager upgrade omz' after use (self-upgrade); ask for this step to require explicit consent or remove it. To improve confidence, request that the skill author: declare required binaries (git), list referenced env vars (ZSH, ZSH_CUSTOM), and remove/clarify the automatic self-upgrade behavior.
Like a lobster shell, security has layers — review code before you run it.
