ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Radar

v1.1.1

Scan, analyze, and optimize your AI skill ecosystem. Diagnose skill usage, discover capability gaps, and check version updates in one command. Trigger on "sk...

0· 122·0 current·0 all-time
by@freeter226
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Skill Radar) align with required binaries (python3, openclaw) and the code: it reads OpenClaw skill lists, checks ClawHub versions, searches ClawHub and inspects skills. Required tools and operations are proportional to scanning, version checks, usage analysis and recommendations.
Instruction Scope
The runtime will read user workspace files and logs (e.g., ~/.openclaw/workspace/MEMORY.md, HEARTBEAT.md, AGENTS.md, session logs in ~/.openclaw/agents/main/sessions) and optional mem0 data. This is necessary for usage analysis and recommendations, but these are sensitive data sources (conversation history, configs). It also invokes external CLIs (openclaw, npx clawhub) and may run a mem0 list.py if present.
Install Mechanism
No install script — instruction-only with bundled Python scripts. No downloads or remote installers. The skill writes cache files under ~/.openclaw/workspace (ClawHub and security caches) which is expected for local caching.
Credentials
The skill declares no required environment variables or credentials. It does call system CLIs and reads files under the user's home/openclaw workspace; those accesses are consistent with analyzing local skills and user session data.
Persistence & Privilege
always is false and the skill does not request system-wide privileges. It creates and updates local cache files (~/.openclaw/workspace/.skill-radar-*.json) and may inspect installed skill directories (including detected bundled OpenClaw paths). This is normal for its purpose but means it will persist scan/cache state locally.
Assessment
This skill appears to do what it says: it inspects your installed Skills, reads local workspace files and session logs, queries ClawHub via npx, and writes caches under ~/.openclaw/workspace. Before installing, consider: 1) it will access sensitive conversation logs and workspace configs — only use it if you trust the skill and its source; 2) it calls external CLIs (openclaw, npx clawhub) which may contact remote services; ensure those CLIs are from trusted origins; 3) it may execute a local mem0 list.py if present — review that script before allowing it to run; 4) caches are stored in your home directory and can be removed by deleting ~/.openclaw/workspace/.skill-radar-*.json. If you want extra assurance, run it in a constrained or non-production environment first and inspect its output and created cache files.

Like a lobster shell, security has layers — review code before you run it.

latestvk972rvvj2ay2rwps6hdy83j77x83vkn3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📡 Clawdis
Binspython3, openclaw

Comments