Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

All-skill-list

v1.0.0

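Local extension skill catalog - aggregates all OpenClaw local skills, with support for list queries, description extraction, cache acceleration, diff comparison, and automatic updating of the skill list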

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the actual behavior: the script scans ~/.openclaw/workspace/skills, extracts SKILL.md content, and can export JSON/Markdown. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
Runtime instructions and the script stay within the declared scope (filesystem scanning, caching, export). The script reads every SKILL.md it finds and can return full content — expected for this tool but means it will read arbitrary files under the skills tree (which may contain sensitive data).
Install Mechanism
No install spec or external downloads; this is an instruction-only skill with a bundled Python script. Nothing is pulled from the network during install.
Credentials
No environment variables or external credentials are requested; metadata points to the local skills directory and is consistent with the purpose.
Persistence & Privilege
Skill does not request always:true and only writes files under its own scripts directory (skills_cache.pickle, skills_export.json, all_skills.md). However it loads a pickle cache file from disk which introduces deserialization risks if that file is tampered with or replaced.
What to consider before installing
This skill appears to do exactly what it claims (aggregate and export local skills), but exercise caution before running it:

- The script loads and writes a cache using Python's pickle. Untrusted pickle files can execute arbitrary code when loaded. If an attacker or other user can modify ~/.openclaw/workspace/skills/all-skill-list/scripts/skills_cache.pickle, running the script could run that code.
- Before installing/running: inspect the script (scripts/skill-list.py) yourself and ensure the skills directory and the all-skill-list/scripts directory are writable only by you/trusted users.
- If you want to reduce risk: delete any existing skills_cache.pickle before the first run, or modify the script to use JSON for cache storage instead of pickle (safer), or run the script in a restricted sandbox/container.
- Be aware the tool will read the full contents of SKILL.md files across your skills tree (and can export them). Don’t place secrets or sensitive tokens in those files.

I rate this suspicious (not outright malicious) because the core functionality is coherent but the use of pickle for caching and reading/writing files under the skills tree are legitimate design choices that carry tangible security risks if files are tampered with. If you can verify the script and control file permissions, the risk is much lower.

Like a lobster shell, security has layers — review code before you run it.
