ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

LibreNMS

v1.0.0

Monitor LibreNMS network devices and alerts via API to get status, health sensors, port stats, and unresolved active alerts in read-only mode.

0· 698·0 current·0 all-time
byFlorian Beer@florianbeer
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (LibreNMS monitoring) matches what is requested and implemented. The script and SKILL.md only require a LibreNMS URL and token, and the API endpoints wrapped in the script correspond to standard LibreNMS read-only endpoints.
Instruction Scope
Runtime instructions limit the agent to local config reading (~/.openclaw/credentials/librenms/config.json) or LIBRENMS_URL/LIBRENMS_TOKEN env vars and to issuing curl requests to the configured LibreNMS instance. There are no instructions to read unrelated files, exfiltrate data to third-party endpoints, or modify other system components. Note: the script uses curl -k to ignore TLS validation (documented in SKILL.md).
Install Mechanism
No install spec (instruction-only plus a CLI script). Dependencies are standard command-line tools (curl, jq, optional bc). Nothing is downloaded from arbitrary URLs or written to system paths beyond reading the declared credentials path.
Credentials
Only LIBRENMS_URL and LIBRENMS_TOKEN (or a local config file containing url and api_token) are used, which is proportional to the stated purpose. Credentials are stored under ~/.openclaw/credentials/librenms and SKILL.md/README advise restricting file permissions.
Persistence & Privilege
Skill is not always-enabled, does not request elevated privileges, and does not modify other skills or system-wide settings. It reads a local credentials file and environment variables only.
Assessment
This skill appears to do what it says: read-only monitoring via your LibreNMS API. Before installing: 1) Only provide a token scoped appropriately in LibreNMS and store it with restrictive permissions (chmod 600). 2) Be aware the script defaults to curl -k (skips TLS verification) — remove -k if you require strict TLS. 3) Review the script if you have a high-security environment (it runs curl and jq on responses but does not transmit data to other endpoints). 4) Install only the listed deps (curl, jq, bc optional) and ensure your LibreNMS instance is reachable and trusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bj77379q16gn1thcpmypax5814s2a

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments