ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

d

v1.0.3

Guide to deploy multiple OpenClaw agents in isolated Docker containers communicating via a secure shared filesystem without exposing network ports or using e...

0· 130·0 current·0 all-time
bywow@duanc-chao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
Registry description says this skill guides deploying OpenClaw agents in isolated Docker containers, but the provided SKILL.md contains only instructions and a Python snippet to draw an ASCII letter 'D'. The declared purpose and actual capability are inconsistent.
Instruction Scope
The SKILL.md itself is narrowly scoped and only instructs how to construct ASCII art (no file system access, no external network calls, no reading of unrelated env vars). As-written, the instructions do not attempt any dangerous or out-of-scope actions.
Install Mechanism
This is an instruction-only skill with no install spec and no code files beyond SKILL.md, so there is nothing written to disk or downloaded during install.
!
Credentials
The skill declares no required environment variables or credentials, which is consistent with the ASCII-art instructions but inconsistent with the registry description that implies Docker/container operations (which would normally require binaries, credentials, or config). This mismatch suggests the metadata may be wrong or the package mispackaged.
Persistence & Privilege
The skill is not marked always:true, has default invocation settings, and does not request persistent system presence or modify other skills. No elevated privileges are requested.
What to consider before installing
Do not assume this skill will deploy containers — the metadata and actual instructions disagree. If you expected a deployment tool, ask the publisher for the correct package or a README matching that purpose. If you only need ASCII-art helpers, this SKILL.md is harmless. Avoid installing or granting any elevated access until the author clarifies the intended functionality and fixes the mismatched metadata. If you obtained this from a registry, check the owner's profile, changelog, and other published files for signs of mispublish or tampering.

Like a lobster shell, security has layers — review code before you run it.

latestvk978kkymc3w81rq1smycqpatrs838051

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments