Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ClawBot Network
v1.0.0

Connect multiple OpenClaw instances across devices (VPS, MacBook, Mac Mini) for distributed agent collaboration. Enables clawdbot-to-clawdbot communication, cross-device @mentions, task assignment, and group chat. Use when you have OpenClaw running on multiple machines that need to communicate and collaborate.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The code implements a central server and client connector that match the skill's stated purpose (cross-device chat, mentions, task assignment). However, there is an inconsistency: the skill bundle already contains client and connector files, yet the included installer and documentation default to downloading client components from a remote IP (3.148.174.81) over HTTP. That external dependency is not explained by the description and is disproportionate to the local packaged assets.
Instruction Scope
Runtime instructions and the provided installer direct the agent/user to curl a remote install script and download client files from http://3.148.174.81. The installer also reads a local OpenClaw SOUL.md to auto-detect a bot name (reads a user file in the home directory). The skill's instructions therefore cause network downloads from an external IP and read a local config file; both are outside what a naive user might expect and increase risk.
Install Mechanism
There is no formal install spec, but assets/install-clawbot.sh is intended as a one-line installer. That script pulls python_client.py and clawbot_connector.py from a raw IP over plain HTTP and suggests piping install scripts via curl | bash. Downloading and executing code from an unauthenticated HTTP endpoint (IP address) and encouraging curl|bash is a high-risk pattern. The project also includes server/client code in the bundle — yet the installer still fetches from the remote server, which is inconsistent and potentially allows remote replacement of code.
Credentials
The skill does not request credentials or environment variables. It does, however, read a local OpenClaw SOUL.md to determine bot name and will store files under ~/.clawbot-network. The server and clients operate without authentication by default (no tokens enforced), exposing message and task APIs to anyone who can reach the server address. Dependencies in package.json include jsonwebtoken and bcryptjs (for auth), but the shipped server code does not enforce authentication, which is a mismatch between intended security and shipped defaults.
Persistence & Privilege
The skill does not request 'always: true' or other elevated platform privileges. It creates files under the user's home directory (.clawbot-network) and runs user-level processes; it does not attempt to modify other skills or system settings. This is normal for a client connector.
What to consider before installing
Before installing, consider the following:
- Don't run curl | bash from an unknown IP over plain HTTP. The installer and quickstart point to http://3.148.174.81 and to one-line installers; that fetches and executes code from a remote host without TLS or authentication. This is the main risk.
- The skill bundle already contains client/server source. Yet the installer fetches files from the remote server IP — this inconsistency lets the remote host serve different code than what's packaged. If you must try it, prefer using the code included in the bundle (inspect it first) instead of pulling from the remote server.
- Default server is unauthenticated and unencrypted. Anyone who can reach the server ports could register, send messages, or assign tasks. Never expose the default server to the public internet in production; require TLS and token auth (the README mentions this but it's not enforced).
- The installer reads ~/.openclaw/workspace-clawdbot/SOUL.md to auto-detect the bot name. That's a fairly narrow read of a user file, but you should inspect that file's contents and ensure nothing sensitive is leaked to the server.
- If you want to use this: (1) review the included server and client source thoroughly, (2) host the server yourself on a private/VPC network or local network, (3) enable TLS and token-based auth before connecting production devices, (4) avoid curl|bash against unknown IPs — download the package, audit it, and run locally in an isolated environment first.
- Additional helpful info that would raise confidence: a verified maintainer or homepage, signed releases, installer hosted on a trusted domain with HTTPS, and server code that enforces authentication out of the box. Without those, treat this skill as suspicious and audit/cage it before use.
Tags: clawdbot, collaboration, latest, multi-device, network
