Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
cwd-guardian
v1.0.0
Monitors and restores the evolver process working directory. Use when evolver crashes with uv_cwd ENOENT errors or when the evolver process loses its cwd.
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The README/SKILL.md and package description claim the guardian will stamp the cwd, recreate a missing cwd, and start the evolver daemon. The shipped code only verifies a hardcoded path, writes a JSON state file, and checks for running processes; it does not recreate arbitrary missing cwd directories nor start the evolver. The code also hardcodes WORKSPACE = '/Users/foras/.openclaw/workspace', which is user-specific and not declared or configurable in the skill metadata.
Instruction Scope
SKILL.md usage examples point at node skills/cwd-guardian/scripts/guardian.js (start/check) but the package contains index.js and package.json scripts that invoke index.js — the referenced scripts file does not exist. The documentation promises actions (recreate cwd, start evolver) that the code does not perform. The code does execute a shell command (pgrep) to detect processes, which is consistent with process-checking but the overall instruction set and implementation diverge.
Install Mechanism
No install spec; this is instruction + small Node script only. No external downloads or package installs are requested, so install mechanism risk is low.
Credentials
The skill declares no required environment variables or secrets, which matches the lack of credential usage. However, the code uses a hardcoded absolute workspace path under a specific user ('/Users/foras/...') instead of respecting declared or configurable paths, making it non-portable and potentially surprising (it will only work on that specific filesystem layout).
Persistence & Privilege
The skill does not request permanent 'always' inclusion, does not modify other skills, and only writes a JSON state file under the workspace path. Autonomous invocation is allowed by default (normal for skills) but there is no evidence of privileged or system-wide modifications beyond its own state file.
What to consider before installing
Do not install or run this as-is on production systems. The package is inconsistent: SKILL.md points to non-existent scripts and promises behavior (recreating the cwd, starting evolver) that the included index.js does not implement. The code is hardcoded to a specific user path (/Users/foras/.openclaw/workspace), so it will only work on that environment and could fail or write state in unexpected places on other machines. Before using: (1) ask the author for a corrected, documented version or a configurable WORKSPACE via env var; (2) verify the script's behavior locally in a safe environment (check exactly what files it writes and that it won't remove anything); (3) if you expect automatic starting/recreating functionality, request confirmation and a code update implementing that behavior; (4) prefer code that uses configurable paths and avoids hardcoded user directories. If you don't trust the source, avoid running the script at all.
index.js:41
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
