ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

This skill informs the agent how to use Viam CLI

v1.0.0

Provides comprehensive guidance and commands to install, authenticate, and manage Viam CLI for robotics fleets, modules, machine data, datasets, and ML workf...

0· 372·0 current·0 all-time
bysean yu@hexbabe
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description claim to manage the Viam CLI and related Viam platform resources; the instructions cover installing the CLI, authenticating, managing machines, datasets, pipelines, and modules — all coherent with a Viam CLI manager.
Instruction Scope
Instructions include powerful platform operations (creating API keys, deleting data, opening remote shells, copying files via WebRTC, hot-reloading modules). Those actions are within scope for a Viam CLI controller but are high-risk operations for a user account — the SKILL.md does include guardrails (confirm before destructive ops, prefer read-first). Verify confirmations are actually observed before destructive commands are run.
Install Mechanism
No install spec files — instruction-only. The install path uses Homebrew (brew tap + brew install viam) which is a standard package manager and proportional to the stated purpose.
Credentials
The skill declares no required environment variables. The SKILL.md advises not to paste API keys and to use viam login or environment injection; that is proportional. There are no requests for unrelated credentials or secrets in the manifest.
Persistence & Privilege
always:false and model invocation allowed (default). The skill does not request persistent system-wide changes beyond recommending using the viam CLI. It does not request to modify other skills or system-wide configs in the provided instructions.
Assessment
This skill is an instruction-only guide for the Viam CLI and appears internally consistent. Before installing or allowing any operations: (1) only permit the Homebrew install if you trust the source and you want the Viam CLI on your machine; (2) when the agent requests to perform destructive actions (delete, create API keys, open remote shells, copy files), confirm each action explicitly and review the exact command it will run; (3) do not paste secrets into chat — use viam login in your terminal or your platform's environment injection as recommended; (4) note the SKILL.md included a requirement block (anyBins: ["viam","brew"]) even though the registry metadata listed none — this minor mismatch is likely benign but worth noting; (5) if you need higher assurance, ask the skill author/source or request the full, untruncated SKILL.md (the provided content was truncated) before proceeding.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d5ab771sgebrmba0tsjsdmd81ym3g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments