Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

little-snitch

v1.0.1

Control Little Snitch firewall on macOS. View logs, manage profiles and rule groups, monitor network traffic. Use when the user wants to check firewall activity, enable/disable profiles or blocklists, or troubleshoot network connections.

by Gustavo Madeira Santana (@gumadeiras)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md is clearly scoped to controlling the Little Snitch CLI (commands, examples, and many root-required operations). However, the skill metadata does not declare the required 'littlesnitch' binary or an OS restriction (SKILL.md states macOS-only). That mismatch between declared requirements and the actual instructions is an incoherence a user should notice.
Instruction Scope
Instructions stay within the stated purpose: they show how to run littlesnitch commands, read logs, activate profiles, export/restore configuration, and capture/stream traffic. The skill does not instruct reading unrelated files or exfiltrating data to external endpoints. Many examples explicitly require sudo/root, which is expected for a firewall tool but increases potential impact if misused.
Install Mechanism
This is an instruction-only skill with no install spec or downloadable code, which reduces supply-chain risk. It does, however, implicitly require the littlesnitch CLI to already be present on the system — the metadata should have listed that binary dependency but did not.
Credentials
No environment variables, credentials, or config paths are requested. That's appropriate for a local CLI helper. The only elevated privilege implied is use of sudo/root for certain commands, which matches the tool's functionality but is high-impact.
Persistence & Privilege
always:false (not force-included) and no requested persistent credentials. However, the skill's capability to run commands that require root (export/restore model, capture traffic, enable/disable rules) means that if an agent were allowed to execute shell commands autonomously on a macOS machine, the blast radius is significant. Autonomous invocation alone is not flagged, but combined with root-level operations it elevates the risk and requires careful operational controls.
What to consider before installing
This skill appears to be a legitimate Little Snitch CLI helper, but there are a few things to consider before installing:
- The SKILL.md expects the 'littlesnitch' CLI and macOS, but the skill metadata doesn't declare that binary or an OS restriction — verify the environment will actually have Little Snitch installed before relying on this skill.
- Many useful commands require sudo/root (exporting/restoring config, capturing traffic, enabling/disabling rule groups). Only use the skill when you trust both the skill and the agent's ability to run commands on your machine. Be cautious enabling Terminal access in Little Snitch; follow the product's guidance to avoid giving untrusted processes root access.
- The skill source/homepage is unknown. If you need to run powerful operations (backups, restores, traffic capture), prefer skills with a known, trusted source or inspect the exact commands the agent will run each time.
- Because this is instruction-only, there's no install risk from downloaded code, but the agent still could execute high-impact local commands. Require explicit user confirmation for any sudo-level actions and avoid allowing automatic, unattended execution of this skill on sensitive systems.

If you want stronger assurance, ask the skill author for a homepage or source repository, or request that the registry metadata be corrected to list the 'littlesnitch' binary and macOS restriction.
