Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OMNI Semantic Signal Engine
v0.5.9Local-only semantic context filtering that saves up to 90% in token costs.
⭐ 0· 47·0 current·0 all-time
byFajar Hidayat@fajarhide
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description, manifest, SKILL.md, and code all consistently declare and require a local 'omni' binary and expose two tools (omni_cmd, omni_rewind). RequiredBinaries in openclaw.plugin.json matches the runtime code and SKILL.md.
Instruction Scope
The runtime instructions and code permit executing arbitrary terminal commands via OMNI (omni exec -- <command>) and retrieving archived logs. This is expected for a tool that distills terminal output, but it grants the agent broad ability to run potentially destructive or privacy-sensitive commands on the host.
Install Mechanism
No install spec is present (instruction-only plugin + small code file). Nothing is downloaded or installed by the plugin itself; it relies on a preinstalled 'omni' binary, which reduces install-time risk.
Credentials
The plugin requests no credentials or config paths. It does proactively strip ~25 'dangerous' environment variables (documented in code), which is a reasonable mitigation. However it still passes the rest of process.env to the omni process, so any secrets present in the environment (AWS_*, GCP creds, tokens, etc.) could be visible to the omni binary — you must trust the binary's behavior.
Persistence & Privilege
always is false and the plugin does not request persistent elevated privileges. It registers tools normally. Note: the platform default allows the agent to invoke tools autonomously — combined with the ability to run arbitrary local commands, that increases the impact if the agent is given broad autonomy.
Assessment
This plugin is coherent: it acts as a local wrapper that requires an 'omni' CLI to function, and its code matches the documentation. Before installing: 1) Verify the provenance of the omni binary (SKILL.md/README point to a GitHub repo, but the package registry shows 'Source: unknown'); download and build from the official repo or audit the published binary. 2) Review the omni GitHub source and any network/telemetry code — the plugin trusts that binary and does not itself enforce network isolation. 3) Avoid running this tool in environments containing sensitive environment variables or secrets, or clear/unset such env vars for the OpenClaw process; the plugin strips some envs but not credentials like AWS_*/GCP tokens. 4) Consider restricting agent autonomy (do not grant blanket autonomous run permissions) if you are uncomfortable with an agent being able to execute arbitrary local commands. If you need more assurance, request the upstream OMNI project's signed releases or a reproducible build and a brief network-audit of the binary.index.js:34
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk97f7m9qsg3k4r115y77qpy4jd84pvk9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.