Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

claw-security-panel

v1.0.0

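OpenClaw security check panel (compatible with Python 3.7+). Triggered when the user sends "启动安全检查" ("start security check"); runs checks in four categories: access security, permission security, execution security, and resilience security. Generates a temporary HTML page with a token, including risk-detail subpages and a one-click fix feature.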

by H4xssck3r#codeplay_team @haxsscker
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to run a local security panel and the included Python script implements many described checks (gateway, HTTPS, auth, login sources, file scanning, git/backup checks). However the manifest declares no required binaries/credentials while the runtime calls external system binaries (openclaw, last, sudo, curl) and expects Python 3 — the lack of declared runtime binaries is an inconsistency but not necessarily malicious.
! Instruction Scope
The SKILL.md and start.sh/scripts instruct reading system-level data: /var/log/auth.log (using sudo), output of last, shell/command history, workspace files, and critical OpenClaw config files. They also provide one-click auto-fix actions that can modify config files. All of the above are security-relevant and go beyond simple read-only checks; the instructions will access/modify sensitive local files and potentially require elevated privileges. This scope is coherent with a security scanner but increases risk and requires explicit user consent and environment checks.
! Install Mechanism
There is no declared install spec (instruction-only), but start.sh launches a server from /tmp/security_panel_server.py (nohup python3 /tmp/security_panel_server.py "$TOKEN" "$PORT"). That server file is not present in the manifest — implying the runtime may generate and execute code in /tmp. Dynamically generating and executing code that is not part of the published package is a significant risk and not documented in SKILL.md.
! Credentials
requires.env lists none, but the code accesses sensitive system areas (auth logs, workspace files, OpenClaw config) and invokes sudo in scripts. It also scans for plaintext secrets. The skill will attempt to read credentials and system logs without declaring any required privileges; it may fail unless the user has passwordless sudo or is root. The lack of declared required binaries (curl, sudo, openclaw, git) is inconsistent with actual behavior.
Persistence & Privilege
always:false and the skill is user-invocable (normal). The skill writes /tmp/security_report.json, /tmp/security_panel.pid and launches a background Python server on a local port (18790). Running as a background service and writing temp files is expected for a local panel, but because the server code is generated/executed from /tmp (not included in the package), this elevates the risk profile — the service could run code not visible in the manifest.
What to consider before installing
This skill largely does what it says (local security checks and a temporary web panel), but several red flags deserve attention:

- Missing runtime declarations: start.sh and the script call external commands (openclaw, last, sudo, curl, git) though the registry metadata lists no required binaries. Expect failures or hidden prompts for sudo. Ensure these tools and privileges are acceptable before running.
- Reads sensitive data: the script reads /var/log/auth.log, runs last, and scans your workspace for plaintext secrets. That is appropriate for a security scanner, but you should only run it on systems you control and after making backups.
- Dynamically generated server: start.sh launches /tmp/security_panel_server.py which is not part of the published files. The security_check.py likely writes and then executes a server script; code executed from /tmp is not visible in the manifest and could perform additional actions (network calls, exfiltration). Before running, inspect the runtime-generated /tmp/security_panel_server.py and /tmp/security_report.json to ensure they contain only the expected server and HTML content.
- Auto-fix behavior: the tool can perform 'one-click' fixes (file permissions, modifying config.json). Review suggested fixes and back up affected files before applying automated fixes.
- Recommended mitigations: run this skill in an isolated environment (VM/container) first, examine the generated /tmp files before execution, ensure you have recent backups, and run with minimal necessary privileges (avoid running as root).

If you want to proceed, ask the publisher for the server code (the file created in /tmp) and full script contents (untruncated) so you can review all runtime behavior. If you cannot inspect the generated server, do not run it on production hosts.

Like a lobster shell, security has layers — review code before you run it.

latestvk974qafjtvmbgprcbnje57727x83h4we
