Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Skill Atlas
v2.0.1
Skill Atlas manages skill loading rules for OpenClaw, enabling classification, cross-platform search, automatic security vetting, version checks, and daily s...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md, scripts, and config implement a skill-inventory, cross-registry search, automated vetting and install/update flows using clawhub and a separate 'skill-vetter' script. Requiring clawhub, PowerShell and Python is coherent with that purpose. However the package/registry metadata claims 'instruction-only' / no install spec while SKILL.md contains a full install spec and there are version mismatches (registry: 2.0.1 vs SKILL.md: 2.1.0). SKILL.md also enumerates files (e.g., config/clawhub_skills.md, a config/daily/ directory, and scripts/skill-vetter.py) that are not present in the provided manifest—this inconsistency is unexplained.
Instruction Scope
Runtime instructions and the included scripts operate within the workspace: reading SKILL.md files, scenes.json, running clawhub (search/install/update) via PowerShell, and invoking an external vetter script. The SKILL.md explicitly declares limits (no reading ~/.ssh, ~/.aws, no credential exfiltration). The code follows the stated scope (inspecting skill files, running vetter, invoking clawhub). However these instructions will run networked installs/updates via clawhub and execute an external vetter script—both extend the blast radius and rely on the vetter's trustworthiness.
Install Mechanism
Registry metadata said 'No install spec — instruction-only', but SKILL.md contains an install section describing copying files into WORKSPACE and requiring an external skill-vetter script. The manifest does not include the referenced skill-vetter file or some config files listed under install.files. The skill itself doesn't download arbitrary archives, but it runs clawhub to install/update other skills (which will fetch code from the clawhub registry). The mismatch between declared install method and actual files is a risk and should be resolved before trusting automatic install/update behavior.
Credentials
No API keys or unrelated credentials are requested. The only environment usage is OPENCLAW_WORKSPACE (with a reasonable default). The inspection script scans SKILL.md text for API-env patterns and reports missing env vars but does not itself exfiltrate secrets. Requiring clawhub/python/powershell binaries is proportional to the functionality.
Persistence & Privilege
always:false (not forced into every agent run). The SKILL.md sets autonomous/heartbeat allowed but with 'invoke_scope: user-confirmed' and limits that forbid autonomous installs/updates. Autonomous invocation increases surface area but here it's constrained; no evidence the skill modifies other skills' configs beyond its own scenes/daily files.
What to consider before installing
This skill appears to implement a legitimate skill-management tool, but there are notable inconsistencies you should resolve before installing:
1) Verify provenance — the package metadata claims instruction-only but the SKILL.md and included scripts implement an installable package; confirm the publisher and source URL.
2) Confirm presence and trustworthiness of the referenced 'skill-vetter' script (the package references it but it is not included in the manifest). The vetter is executed before installs/updates and therefore must be trusted.
3) Inspect the vetter and any clawhub registry configuration (CLAWHUB_REGISTRY) to ensure they point to expected, official registries and not a malicious mirror.
4) Backup your WORKSPACE and run the skill in an isolated environment (or review and run its scripts manually) before granting it persistent use.
5) If you accept it, deny it broad system write access and confirm that autonomous behavior is limited (it should not perform installs/updates without your explicit approval).
If you want, I can highlight the exact manifest vs SKILL.md mismatches and generate a checklist of files to request from the author (e.g., the skill-vetter script and listed config files).
Like a lobster shell, security has layers — review code before you run it.
