ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Kilocode Model Sync

v1.0.0

Sync the Kilocode provider model list in openclaw.json with the live Kilo AI API. Use when: running the weekly model sync job, checking for new/removed/updat...

0· 70·1 current·1 all-time
byGuillaume Maka@guillaumemaka
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (sync Kilocode models into openclaw.json) align with the scripts' behavior: fetch models from https://api.kilo.ai, produce snapshots/diffs/patches, write a patch that replaces models.providers.kilocode.models, and restart the OpenClaw gateway. However, the registry metadata claims no required env vars while both SKILL.md and the scripts require KILOCODE_API_KEY in ~/.openclaw/.env (or env). That metadata mismatch is unexpected and should be corrected.
Instruction Scope
SKILL.md instructions are concrete and match the included scripts: source ~/.openclaw/.env, run sync_models.py, review results, optionally run apply_patch.py which backs up and writes openclaw.json and restarts the gateway. The instructions reference using the agent's 'message' tool and sessions_send for Telegram and approval workflow—these are outside the scripts but consistent with an operator-driven sync flow. The skill does not attempt to read unrelated system paths beyond ~/.openclaw and the user workspace.
Install Mechanism
This is an instruction-only skill with included Python scripts and no install spec. Nothing is downloaded at runtime by the skill itself. The attack surface from installation is low, but running the scripts will write to disk (snapshots, patch files) under ~/.openclaw/workspace which is expected for this task.
!
Credentials
The runtime requires an API credential (KILOCODE_API_KEY) read from ~/.openclaw/.env or from OS env, but the registry metadata did not declare any required environment variables—this is an inconsistency. The scripts only use that token for the kilo.ai API, which is proportionate, but load_env will parse the whole ~/.openclaw/.env (which may contain other secrets). The SKILL.md explicitly instructs sourcing that file, which could expose other secrets to the process—be cautious and ensure the .env contains only intended values.
Persistence & Privilege
The skill is not always: true (not force-included) and disable-model-invocation is true (the model cannot autonomously call it), which reduces autonomous risk. The scripts do modify a configuration file (~/.openclaw/openclaw.json) and restart the gateway — that is appropriate for a config-sync skill but is a privileged operation; ensure you trust the source before allowing it to run and that backups are kept (the script creates backups).
What to consider before installing
This skill appears to do what it says (fetch Kilocode models and update openclaw.json) but there are a few things to check before running it: - Metadata mismatch: the registry lists no required env vars, but the SKILL.md and scripts require KILOCODE_API_KEY (in ~/.openclaw/.env or env). Don't run it until you confirm the metadata or the skill's origin. - Sensitive files: the scripts read ~/.openclaw/.env and will write snapshots, diffs, patch files, and modify ~/.openclaw/openclaw.json. Inspect those files and ensure .env contains only the KILOCODE_API_KEY (or that you are comfortable exposing any other keys present) before running. - Review the generated patch before applying: sync_models.py writes a patch that will overwrite models.providers.kilocode.models. Prefer a manual review of the patch file (kilocode-models-YYYY-MM-DD.patch.json) before applying. - Gateway restart: apply_patch.py will run `openclaw gateway restart` (looks for a hardcoded nvm path then PATH). Make sure restarting the gateway is safe in your environment and that the backup created (openclaw.json.bak.TIMESTAMP) is recoverable. - Deprecated note: SKILL.md contains a big header saying the skill is deprecated and that Kilocode gateway is now built-in. That suggests this skill may be obsolete—confirm whether you actually need it. If you still want to proceed: verify the KILOCODE_API_KEY value, inspect the snapshot/diff/patch files under ~/.openclaw/workspace/kilocode-models/, and run sync_models.py manually in a non-production environment, review the produced patch, and then run apply_patch.py only after manual approval.

Like a lobster shell, security has layers — review code before you run it.

latestvk97arqqryk4ax20qrdm07znz0183gsqx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments