ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Research Viz

v1.5.0

Generate interactive HTML research reports from AI research context. After completing a multi-step research task (web search, API calls, analysis), use this...

0· 64·0 current·0 all-time
by@frrrrrrrrank
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (create interactive HTML research reports) align with the included Node scripts and demo HTML. Requiring 'node' is appropriate. However, the skill uploads reports to a2ui.me / Cloudflare R2 while declaring no required environment variables or credentials — that is unexpected unless the upload endpoint accepts anonymous uploads or the code contains embedded credentials. The presence of a worker directory suggests a server-side component is bundled; this is plausible for a report host but should be explained.
!
Instruction Scope
SKILL.md instructs the agent to extract conversation context into a JSON, write it to /tmp, and run included node scripts that encrypt and upload the report. The instructions do not tell the agent to read unrelated system files or extra environment variables, which is good. The concern: the instructions ask the agent to execute shipped JavaScript without spelling out exactly what upload-report.js and worker code send to the external endpoint (e.g., any metadata, request headers, or unencrypted payloads). The guidance 'key never touches the server' is a strong claim but must be confirmed by inspecting the upload/encryption code.
Install Mechanism
There is no external install URL or archive; the skill is instruction+bundled code (scripts and worker). No network download/install step in the manifest reduces supply-chain risk. Node is required to run the bundled scripts. This is a relatively low install risk, but executing included scripts is still a runtime risk to review.
!
Credentials
The skill declares no required environment variables or credentials while its workflow uploads encrypted reports to a2ui.me / R2. Uploading to R2 typically requires credentials or an intermediate service; the lack of declared credentials suggests one of: (a) the host accepts anonymous uploads, (b) credentials are hard-coded in the included code, or (c) the upload is proxied through a bundled worker. Any of those cases require inspection. Also the demo encrypted HTML and test files include large Base64 blobs (expected for encrypted content) but these also increase the chance hidden data or keys are embedded. The skill's claim that the decryption key 'never touches the server' is plausible but unverified without reading upload-report.js/encrypt-report.js/worker code.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request elevated platform privileges in the metadata. There is no indication it modifies other skills or global agent settings. Autonomous invocation is allowed by default; combine this with the concerns above (external upload) when deciding to enable autonomous runs.
Scan Findings in Context
[base64-block] expected: Large Base64 blocks appear in demo/test-encrypted.html and other bundled files (these are expected for sample ciphertext or embedded assets). This pattern is expected for an encryption+upload workflow, but also worth inspecting to ensure no secret keys or plaintext are embedded as base64 inside the bundle or uploaded metadata.
What to consider before installing
This skill is plausibly what it claims (generate, AES-encrypt, upload reports), but you should not install it blindly if you care about confidentiality. Before installing or running it with real data: 1) Inspect upload-report.js and worker/src/index.ts to confirm they do NOT transmit the plaintext or the AES key, and to see exactly which endpoint (a2ui.me URL) and headers are used; 2) Verify where the R2 storage is hosted and who controls a2ui.me — confirm retention, access controls, and deletion policy; 3) Look for hard-coded secrets or API keys in the repo (hard-coded credentials are a red flag); 4) If you cannot review the code, run the skill in an isolated, sandboxed environment with non-sensitive test data and observe network requests (does it only upload ciphertext? does it leak metadata?); 5) If you plan to enable autonomous invocation, consider the increased blast radius (the agent could upload many reports automatically). If any of the above checks are unclear or the upload code contains embedded credentials or sends unencrypted content/keys, consider not using the skill.
scripts/upload-report.js:119
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a57rpp4pjp1rk5rx8y8e0f983ygyw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnode

Comments