Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Action Gate Bridge
v0.0.1
Route risky communications next steps through a typed action-intent bridge so external writes, bookings, settings changes, public posts, and spend decisions...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, description, SKILL.md, reference docs, and scripts are coherent: the skill is explicitly a bridge that converts proposed actions into typed proposals and routes HTTP write-intents through a sidecar. That capability justifies the included scripts and their HTTP endpoints.
Instruction Scope
SKILL.md confines behavior to reading the reference docs, classifying actions, and routing proposals rather than executing risky actions directly. However, the provided helper scripts will POST arbitrary proposal and HTTP-request payloads (including user-supplied bodies) to configured endpoints; that capability goes beyond 'read/classify' and must be carefully constrained by the runtime environment and approval flow.
Install Mechanism
There is no install spec (instruction-only plus small helper scripts). No downloads or package installs are requested, so nothing arbitrary is written to disk by an installer.
Credentials
The scripts read ACTION_GATE_URL and CRABTRAP_HTTP_PROXY_URL environment variables (and allow a credentialsRef to be passed) but the registry metadata declares no required env vars or primary credential. This omission reduces transparency. If these env vars are set to remote endpoints, the skill can transmit arbitrary data and request execution credentials indirectly—so the requested/implicit environment access is under-declared and therefore disproportionate without additional safeguards.
Persistence & Privilege
always:false and default model-invocation settings are used. The skill does not request permanent presence or claim to modify other skills or system-wide settings.
What to consider before installing
This skill is intended to route action proposals through a sidecar; that is a legitimate design. Before installing, verify: (1) which environment variables will be used in your environment—ACTION_GATE_URL and CRABTRAP_HTTP_PROXY_URL are referenced by the scripts but not declared in the registry—ensure they are set only to trusted, internal endpoints (localhost or internal network) and not to arbitrary public URLs; (2) how the sidecar enforces authentication, authorization, and an approval workflow (who can approve actions, what 'credentialsRef' can access); (3) that the agent will not auto-execute risky actions without explicit user approval; and (4) that any credentials referenced are stored and retrieved securely by a controlled secret manager rather than passed in plain text. If you cannot confirm the sidecar's implementation and access controls, treat this skill as high-risk for accidental or intentional exfiltration or unintended external writes.
scripts/propose-action.js:2
Environment variable access combined with network send.
scripts/route-http-write.js:2
Environment variable access combined with network send.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
