Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Auditor in Sandbox

v1.0.3

Launch a NovitaClaw (OpenClaw) sandbox, install a specified skill, and generate an installation & security audit report. Use when: (1) You want to test a com...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The SKILL.md and included scripts clearly require a Novita API key, a SANDBOX_ID, the novitaclaw CLI, and the novita-sandbox package — but the registry metadata lists no required env vars or binaries. Requesting a Novita API key is coherent with launching NovitaClaw sandboxes, but the metadata omission is an inconsistency that could mislead users about what access the skill needs.
! Instruction Scope
The runtime instructions and scripts perform broad inspections: they grep for risky tokens, enumerate URLs, list external path references, and read and output full text contents of many file types from the installed skill. Emitting full fileContents in the report could reveal secrets embedded in the audited repo. The audit script also builds grep patterns by concatenating string fragments and documents that it does so to 'avoid triggering static scanners' — that deliberate obfuscation is unexpected for a security tool and is a red flag.
! Install Mechanism
There is no registry install spec (instruction-only), but package.json declares a dependency on 'novita-sandbox' and SKILL.md suggests installing the novitaclaw CLI via curl | bash. The user-run curl|bash instruction pulls a script from a remote host (novitaclaw.novita.ai); downloading/executing a remote install script has higher risk and should be verified. The included scripts run git clones of arbitrary repos into the sandbox (expected for a tester), but that behavior amplifies the need for isolation and scrutiny.
! Credentials
The scripts require SANDBOX_ID, NOVITA_API_KEY and SKILL_NAME (and SKILL.md asks users to set NOVITA_API_KEY), which are proportionate to launching and managing a Novita sandbox — however these env vars are not declared in the registry metadata. The audit script also reads and outputs package/requirements files and arbitrary text files from the installed skill, which can expose sensitive data if present in the scanned repo. The skill requests more sensitive inputs than the metadata indicates.
Persistence & Privilege
The skill does not request permanent presence (always:false) and does not modify other skills or system-wide agent settings. It executes its actions inside a Novita sandbox via the novita-sandbox API rather than on the host (as intended). Note: the skill can be invoked autonomously by the agent (default), which combined with other concerns increases blast radius — but autonomous invocation alone is not a reason to block.
What to consider before installing
This skill mostly does what it claims, but proceed cautiously. Before installing or running:
(1) Verify the upstream repository (https://github.com/freecodewu/skill-auditor-in-sandbox) and the contents of the novitaclaw install script.
(2) Confirm NOVITA_API_KEY usage and limit its scope if possible.
(3) Review the two scripts locally: the audit script intentionally obfuscates patterns to avoid static scanners, and it will capture and include the full text of many files (which can leak secrets).
(4) Run the tool against untrusted skills only inside an isolated Novita sandbox; do not use a production account or a high-privilege API key.
(5) Consider modifying the audit script to avoid exporting sensitive files and to log findings without dumping entire file contents.
(6) Because the metadata does not declare required env vars, expect to supply SANDBOX_ID and NOVITA_API_KEY manually and verify these prompts before use.

Like a lobster shell, security has layers — review code before you run it.
