ClawHub
Back to skill
v1.0.0

Boxed Curl

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:36 AM.

Analysis

Boxed Curl matches its curl-in-a-sandbox purpose, but it asks the agent to download and run an unpinned WASM executable from GitHub that is not included in the skill package.

GuidanceBefore installing, make sure you trust the external WASM source and the required sandbox plugin. Prefer a version that bundles the WASM or verifies it with a checksum, and review each request’s URL, method, body, and Authorization headers before sending.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityMediumConfidenceHighStatusConcern
SKILL.md
wasm-sandbox-download({ url: "https://raw.githubusercontent.com/guyoung/wasm-sandbox-openclaw-skills/main/boxed-curl/files/boxed_curl_component.wasm", output: "<skill_dir>/files/boxed_curl_component.wasm"

The executable WASM component is fetched from a mutable GitHub branch at use time, with no pinned version, checksum, or bundled reviewed artifact shown.

User impactA user may end up running whatever WASM file is available at that GitHub URL when the skill is first used.
RecommendationBundle the WASM in the skill package or pin it to an immutable release with an integrity hash, and make the download provenance explicit before use.
Unexpected Code Execution
SeverityMediumConfidenceHighStatusConcern
SKILL.md
Use the `wasm-sandbox-run` tool to execute the WASM component after the WASM file is available.

The skill directs the agent to execute the downloaded WASM component, so the remote artifact is not merely downloaded but becomes runnable code.

User impactThe skill’s behavior depends on an executable component that is not included in the reviewed artifact set.
RecommendationRequire explicit user approval before first execution of a downloaded component and provide verifiable integrity information for the WASM file.
Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
`-X, --request METHOD` | HTTP method (GET, POST, PUT, DELETE, etc.)

The skill supports state-changing HTTP methods, which is expected for curl-like behavior but can affect remote accounts or services if used with authenticated APIs.

User impactA POST, PUT, or DELETE request could change data on a remote service if the user provides valid credentials or session headers.
RecommendationConfirm the target URL, method, body, and headers before running requests that can modify remote data.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
args: ["-H", "Authorization:Bearer token123", "https://httpbin.org/get"]

The examples show user-supplied Authorization headers being passed through to outbound requests; this is expected for curl, but it can carry sensitive tokens.

User impactIf a user includes an API token or bearer token, it will be sent to the configured destination host.
RecommendationOnly include credentials when necessary, verify the destination host carefully, and avoid sending real tokens in examples or tests.