ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Oz CLI Remote Node

v1.1.3

Execute commands or tasks on the Oz Build Node via CLI, with mode-based control and direct bash command support on the remote node.

0· 69·0 current·0 all-time
by@eladrave
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to act as a proxy to oz-cli on a remote node and the instructions consistently require and use the 'nodes' tool to run commands remotely. The package.json declares 'nodes' permission, which aligns with the stated purpose.
!
Instruction Scope
SKILL.md instructs the agent to: (a) check local sandbox indicators (/.dockerenv and /proc/1/cgroup) by reading local filesystem state, (b) persistently save the remote node name and selected profile ID into workspace files/memory, and (c) create oz_run.<id>.md files that include Run IDs, original prompts and the 'Open in Oz' URL. Reading local system files and persisting run data/URLs and full prompts can expose sensitive environment details or secrets. These actions go beyond simply proxying commands and are not represented as required config paths or env vars in the metadata.
Install Mechanism
This is an instruction-only skill with no install spec or code files; nothing is downloaded or written by an installer. That minimizes installation risk.
Credentials
The skill requests no environment variables or credentials, which is proportionate. However, it instructs creating persistent workspace files that will store run IDs, prompts, and URLs (which may contain tokens or sensitive info). Although not explicit credential requests, this persistent storage can lead to exfiltration risk if the workspace is shared or backed up.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges, but it instructs the agent to write and retain node/profile settings and run-tracking files in the workspace. Persistent storage of run metadata and user prompts increases exposure over time and should be considered when deciding whether to install.
What to consider before installing
This skill does what it says—it proxies oz-cli and arbitrary bash commands to a remote node via the 'nodes' tool—but it also asks the agent to read local sandbox indicators and to store run metadata, prompts, and 'Open in Oz' URLs in workspace files. Before installing, consider: 1) Only enable if you trust the remote node and whoever has access to it, because the skill allows running arbitrary commands there. 2) Expect persistent files (TOOLS.md, oz_run.<id>.md) containing prompts and URLs; these may contain sensitive data or tokens—inspect and clean these files regularly or avoid storing them. 3) The skill reads local files like /.dockerenv and /proc/1/cgroup; if you do not want the agent checking local runtime state, do not install. 4) Limit who can invoke the skill, and avoid sending secrets or credentials in prompts. If you want reassurance, ask the author to remove local filesystem checks or to make persistent storage explicitly configurable and documented.

Like a lobster shell, security has layers — review code before you run it.

latestvk979t5d099mv6vqy4t8x4j4xtn83spxg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments