Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
A security auditing tool for third-party Claude Code Skills. Automatically pre-checks any Skill before execution to block dangerous ones, and supports manual deep audits.
v1.0.0Scan a third-party Claude Code skill for security risks before enabling it. Use when user wants to audit, check, or verify the safety of a skill.
⭐ 0· 49·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name/description match its behavior: it installs a local hook and provides quick and deep scan scripts that read SKILL.md and other files to detect risky patterns. Creating ~/.claude/skills/skill-security-check and merging a PreToolUse hook into ~/.claude/settings.json is coherent with its goal of intercepting Skill execution.
Instruction Scope
SKILL.md and the scripts consistently instruct only to READ files, grep for risky patterns, and report findings. The SKILL.md explicitly states 'NEVER execute any code from the skill being audited', and the scripts follow that pattern (they use grep/python to analyze files). The auditor will read all files in other skills (including scripts and templates), which is needed for auditing but means local secrets embedded in those files would be inspected (read-only).
Install Mechanism
There is no remote installer; install.sh writes SKILL.md and scripts locally and (per README) merges a PreToolUse hook into ~/.claude/settings.json. This is lower risk than fetching arbitrary remote code, but it does write to a user config file and places executable hook scripts on disk — actions that require explicit user trust and review of the install script.
Credentials
The skill requests no environment variables or external credentials. It reads skill directories and files (which is necessary for its purpose). It does not appear to exfiltrate data or contact external endpoints. However, because it reads other skills' files, it will see any secrets those files contain locally (the scripts search for sensitive paths/keywords but don't send them anywhere).
Persistence & Privilege
To provide automatic pre-checking the installer modifies ~/.claude/settings.json to add a PreToolUse hook that runs pre-check.sh on every Skill invocation. That is a high-privilege persistent capability: it can block or allow arbitrary Skills at runtime. Because the skill originates from an unknown source, installing a persistent hook that runs automatically is a security/privacy decision that should not be taken lightly.
What to consider before installing
This skill's functionality matches its description (it installs a local pre-check hook and scanner), but it gains persistent, high-privilege behavior by writing a PreToolUse hook into your ~/.claude/settings.json — meaning it will run on every Skill invocation and can block Skills. If you consider installing: 1) Inspect install.sh and scripts/pre-check.sh and scripts/scan.sh line-by-line to confirm they do only local reads and reporting (look for any network calls or piping to bash). 2) Back up ~/.claude/settings.json before running the installer so you can revert changes. 3) Prefer running the scanner manually first (invoke scripts/scan.sh on suspicious skill directories) rather than installing the automatic hook. 4) If you must install, run install.sh in a controlled environment (non-production account/machine) and verify the settings.json merge behavior in the installer (ensure it does not add unexpected commands). 5) Treat this from an unknown source as potentially risky until you manually verify there's no hidden network activity or code that could be modified later to behave maliciously.Like a lobster shell, security has layers — review code before you run it.
latestvk977nqpwmfwjxf26aqvyv9rrcn83xmre
License
MIT-0
Free to use, modify, and redistribute. No attribution required.