ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Network Device Monitor

v1.0.0

Monitor network devices, detect unknown clients, and alert on new connections. Works with any router that serves a web UI. Tracks device state changes over t...

0· 132·0 current·0 all-time
by@hostilespider
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (network device monitoring) align with the included script and required binary (python3). The script legitimately uses nmap or arp-scan to discover devices; these tools are appropriate for the stated function. Minor implementation quirk: the arp_scan() function calls arp-scan with --localnet and ignores the supplied subnet argument (likely a bug, not malicious).
Instruction Scope
SKILL.md instructs running the included script and describes options. The instructions reference nmap and arp-scan even though registry metadata lists only python3 as a required binary — the missing mention of nmap/arp-scan is an oversight and users must install one of them. The script reads/writes a state file (default ~/.network-state.json) and can read a user-provided known-devices JSON; this is expected for tracking device state.
Install Mechanism
No install spec — instruction-only with a bundled script. Nothing is downloaded or written during install; the lowest-risk install model.
Credentials
The skill asks for no environment variables or credentials. It stores state locally in a JSON file under the user's home directory (default), which is proportionate for a monitor that must persist state.
Persistence & Privilege
The skill does persist state to a file in the user's home directory (expected). It does not request always: true and has no elevated platform privileges. Autonomous invocation (default) is permitted by platform policy; combined with the skill's local state writes this is normal for a monitor.
Assessment
This skill appears coherent and performs only local network scans and local state storage. Before installing or running: 1) Ensure you have nmap or arp-scan installed (arp-scan requires root and the script currently calls arp-scan with --localnet, ignoring the supplied subnet — be aware of this bug). 2) The script writes ~/<hidden>/.network-state.json by default; review or override the --state path if you prefer a different location. 3) Network scans may trigger IDS/IPS on some networks and arp-scan requires elevated privileges — run in a safe/test environment if unsure. 4) The code uses subprocess to invoke system tools; inspect the script yourself if you have security concerns. No external network calls or credential exfiltration were found.

Like a lobster shell, security has layers — review code before you run it.

latestvk97erf2akrhhaf5zv5p7f3dmbd83t47q

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📡 Clawdis
Binspython3

Comments