ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Setup Kit

v1.0.0

Configures OpenClaw agents with a universal prompt enabling skill installation, book discovery, and knowledge base integration via natural commands.

0· 72·1 current·1 all-time
by@heardlyapp
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (add a universal system prompt to enable skill installation, book discovery, and KB integration) aligns with the included system prompt and the command handler which runs 'clawhub install'. However README/SKILL.md claim an automated setup.sh and an automatic 'openclaw agent setup' flow that are not present in the file manifest (setup.sh is referenced but not included). The package also advertises searching a '5904-book database' with no implementation or data supplied. These omissions are inconsistent with the advertised 'one-command' automatic setup.
!
Instruction Scope
The system prompt and SKILL.md instruct the agent to (a) execute 'clawhub install <skill-name>' when users say 'install <...>', (b) search a 5904-book database, and (c) add entries to SOUL.md, MEMORY.md, and SKILL.md. The repository only provides a small JS handler for the install command; there is no implementation for the book DB search or safe file paths for writing knowledge files. The instructions therefore assume access to local files and an external book DB that are not provided, and they direct the agent to modify local knowledge files (which is a real side-effect).
Install Mechanism
There is no install spec — instruction-only with a small included JS handler. That is low-risk by itself. However SKILL.md/README claim an automated setup script (setup.sh) which is missing; the absence of that script means the advertised one-command install is not actually present, an inconsistency to be aware of.
Credentials
The skill declares no required env vars or credentials, which is coherent. However the behavior (allowing arbitrary 'clawhub install <skill>') increases exposure because installed skills can request credentials later. The system prompt also references 'scrapling-official' with 'anti-bot bypass'—an unusual capability to advertise in a general-purpose setup kit and potentially indicative of tools that may require elevated web-scraping abilities. The packaging does not require or explain any credentials for book DB access or for modifying local KB files.
!
Persistence & Privilege
The package instructs modifying the Agent's system prompt and knowledge files (SOUL.md, MEMORY.md, SKILL.md) — persistent changes to the agent environment. The skill does not set always:true, but it grants the agent a simple command handler that will autonomously run 'clawhub install' when invoked. That capability is expected for an 'install skills' feature but raises risk because it allows installing arbitrary third-party skills (expanding future privileges) and the package provides no safeguards or allowlist.
What to consider before installing
This package contains a small JS handler that will execute 'clawhub install <skill-name>' and a system prompt that tells the agent to perform installs and to modify local knowledge files. Before installing or enabling it: 1) Inspect and verify the missing files referenced in SKILL.md/README (setup.sh and any auto-setup implementation) — their absence means the 'one-command' setup is misleading. 2) Understand that activating this gives your agent the ability to install arbitrary skills on demand; consider restricting/autofailing installs unless you manually approve them. 3) Confirm where the agent will write SOUL.md/MEMORY.md/SKILL.md and whether those paths are safe and backed up. 4) Verify the provenance of the advertised '5904-book database' and the 'find-book' skill — the prompt assumes a database that is not bundled. 5) Note the mention of 'scrapling-official' and 'anti-bot bypass' (potentially problematic); avoid enabling web-scraping capabilities you don't trust. If you want to proceed, prefer manual installation of the handler and add explicit allowlists or input validation around which skill names may be installed.
agent-command-handler.js:23
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d045adx7rxz2bpft091t7v583bq55

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments