ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Vulnerability Checker

v1.0.1

OpenClaw 安全漏洞检查与配置审计工具。用于检测当前 OpenClaw 版本存在的已知安全漏洞、公网访问安全风险,对比当前版本与最新版本的差异,获取漏洞详情、风险评估、配置审计和升级建议。使用场景:(1) 用户询问"检查一下我的 OpenClaw 版本有什么安全漏洞",(2) 用户说"检查 OpenClaw...

1· 261·0 current·0 all-time
by@hzzhuohui
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to check the local OpenClaw installation and public exposure, which legitimately requires reading local process/listening-port/firewall state and calling external vulnerability databases. However the SKILL metadata lists no required binaries or dependencies, while the runtime instructions and included scripts assume: the 'openclaw' CLI, system tools (lsof, netstat, ps, pfctl, iptables), Python runtime and third-party libraries (requests, beautifulsoup4). That mismatch (declaring nothing while requiring several platform tools and Python packages) is an incoherence the user should notice.
Instruction Scope
The SKILL.md instructs the agent to run local commands that list processes, open ports, and firewall rules (e.g., `openclaw --version`, `lsof`, `netstat`, `ps aux`, `pfctl`, `iptables`) and to query external sources (GitHub API, NVD, CNNVD). Those actions are within the stated purpose (configuration/audit) but they will reveal local system state and potentially send data to external APIs. The instructions also allow optionally supplying a GitHub token for richer GHSA queries; the skill does not require a token but will accept one if provided.
Install Mechanism
There is no install spec (instruction-only), which lowers supply-chain risk, but the package includes two Python scripts that rely on requests and BeautifulSoup. The top of get_releases.py mentions `pip install requests beautifulsoup4`, but the skill metadata does not declare these dependencies or provide an installer. Running the scripts as-is will require a local Python environment and network access. No remote download of arbitrary code is present in the provided files.
Credentials
The registry declares no required environment variables or credentials. SKILL.md recommends (optionally) using a GitHub Personal Access Token to query GitHub Security Advisories; if supplied it should be limited to minimum scopes. There is no attempt to read other environment variables, but the instructions do access local system state (process list, ports, firewall) which is sensitive and proportional to an audit tool but should be explicitly acknowledged to the user.
Persistence & Privilege
The skill does not request persistent inclusion (always:false) and does not attempt to modify other skills or system configuration as part of install. It suggests commands the user could run to patch configurations, but it does not itself declare any autonomous persistent privileges.
What to consider before installing
This skill appears to implement an OpenClaw audit tool, but it has a few red flags you should consider before running it: (1) It expects local binaries (openclaw, lsof/netstat, pfctl/iptables, etc.) and a Python environment with requests + beautifulsoup4, but the package metadata doesn't declare these requirements — verify these tools exist in your environment. (2) The scripts and instructions will run local commands that reveal process lists, open ports, and firewall rules; only run on systems you control or in an isolated environment if you're uncomfortable exposing that state. (3) If you provide a GitHub token for GHSA queries, limit its scope (no broad repo deletion/admin scopes) and treat it as sensitive. (4) Review the included scripts (get_releases.py and get_version.py) yourself — they are plain Python and network-capable; no obfuscated code was found, but ensure network calls (GitHub/NVD/CNNVD) are acceptable in your environment. If you want to proceed: run the scripts interactively (not with elevated automation), ensure required dependencies are installed in a virtualenv, and avoid giving any credentials unless necessary and scoped narrowly.

Like a lobster shell, security has layers — review code before you run it.

cvevk976jbbyenwhajed8mq918e2as82pk3glatestvk977e0s5qkgm0j59akmnjqxard83gfzqsecurityvk976jbbyenwhajed8mq918e2as82pk3gupdatesvk976jbbyenwhajed8mq918e2as82pk3gversionvk976jbbyenwhajed8mq918e2as82pk3gvulnerability-checkervk976jbbyenwhajed8mq918e2as82pk3g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments