Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Preflight Check
v0.1.0
Pre-flight environment validator — checks that all required binaries, environment variables, and services are available before running other skills
by Guilherme Favaron (@guifav)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The skill name/description (preflight environment validator) is consistent with the checks described in SKILL.md. However, the package metadata (claw.json) declares no required env vars or binaries while the SKILL.md explicitly defines many environment variables and binaries to check (Vercel/Supabase/GCP/Firebase/Cloudflare tokens, GOOGLE_APPLICATION_CREDENTIALS path, node/git/gh/gcloud/docker/etc.). The metadata/requirements and the runtime instructions are not synchronized — the skill will attempt to read values and test tools that are not declared up front.
Instruction Scope
The SKILL.md instructs the agent to run commands that read environment variables and file paths, including sensitive items (e.g., FIREBASE_PRIVATE_KEY, VERCEL_TOKEN, CLOUDFLARE_API_TOKEN, GOOGLE_APPLICATION_CREDENTIALS). It uses echo and head -c to display portions of secrets and writes a JSON report (preflight-report.json). Although verifying presence is reasonable, the instructions explicitly print secret fragments and store the results, which increases the risk of accidental exposure or exfiltration if the report or logs are transmitted elsewhere.
Install Mechanism
Instruction-only skill with no install spec and no code files; low installation risk since nothing is downloaded or extracted. No install mechanism concerns were found.
Credentials
The SKILL.md checks many sensitive environment variables and a credentials file path, but the metadata's requires.env is empty and its primary credential is declared as none. Sensitive items (private key, API tokens, GOOGLE_APPLICATION_CREDENTIALS) are accessed directly. Requiring or reading such secrets is proportionate for a preflight validator only if the requirement is explicit in the metadata and the checks avoid printing or storing secrets; neither is true here.
Persistence & Privilege
claw.json requests filesystem and network permissions and the skill writes preflight-report.json to the project root. Network permissions plus reading sensitive env vars increase the blast radius if the agent is allowed to invoke the skill autonomously or if the report is transmitted off-host. The skill is not marked always:true, but autonomous invocation is allowed by default; combined with the above, this is risky unless restricted.
What to consider before installing
This skill appears to do what it says (preflight checks) but there are important mismatches and privacy risks you should consider before installing or running it:
- Metadata mismatch: The skill's metadata declares no required env vars, yet the instructions read many sensitive variables (service tokens, private keys, GOOGLE_APPLICATION_CREDENTIALS). Ask the author to declare all env vars and explain why each is needed.
- Secret handling: The SKILL.md prints fragments of sensitive values and writes a JSON report to disk. Ensure reports never include full secrets, are stored in a secure location, and are not sent to external endpoints. Prefer presence checks (test -n, test -f) instead of echoing secret contents.
- Permissions: claw.json requests filesystem and network access. If you allow this skill, restrict it to user-invoked runs (disable autonomous invocation) or run it in an isolated/local environment to avoid accidental exfiltration.
- Operational controls: If you still want to use it, require the author to:
1) Update metadata to list the env vars/binaries it will access.
2) Remove or redact any printing of secret values (do not include private key fragments in reports).
3) Make network checks explicit and optional, and document any external endpoints contacted.
4) Provide a signed/known source or package release (currently source/homepage are unclear).
If you cannot get those assurances, run this skill only in a controlled environment (throwaway project or ephemeral container) and inspect the generated report before sharing it.
