Skill v1.0.0

ClawScan security

Suricata IDS Monitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 13, 2026, 6:56 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill mostly matches its stated purpose (reading and triaging eve.json) but contains discrepancies and risky instructions — notably undeclared Telegram exfiltration, a sudo chmod suggestion, and scheduling/persistence guidance — so review before installing.
Guidance
This skill appears to do what it claims (parse /var/log/suricata/eve.json and make a report), but there are several red flags you should review before installing or running it:

1) The SKILL.md contradicts itself — it says "No data leaves your machine" yet includes example code that posts reports to Telegram (which would require TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID). Treat those env vars as sensitive.
2) The doc suggests using 'sudo chmod 644 /var/log/suricata/eve.json' — that relaxes file permissions and can expose sensitive logs to other local users; prefer safer alternatives (add the agent user to the appropriate group or use setfacl) instead of world-readable chmod.
3) The cron scheduling example would make the skill run periodically; only add such a schedule if you trust the skill and have reviewed where reports will be sent and stored.
4) The skill references other skills (telegram-notifier, eva-security-audit) without declaring dependencies; verify those integrations before use.
5) Because the skill source and homepage are unknown, consider running it manually in a controlled environment first, avoid providing Telegram tokens until you confirm expected behavior, and inspect any files written to 'memory/' or other paths.

If you need higher assurance, request the skill author/source, or have someone review the SKILL.md and test commands in a sandboxed/non-production host.

Review Dimensions

Purpose & Capability
concern: The skill's stated purpose (parse local Suricata eve.json and produce a report) matches the code in SKILL.md. However, the doc explicitly says "No external API" and "No data leaves your machine" while also including a Telegram delivery example that posts the full report to api.telegram.org. The skill also references other skills (telegram-notifier, eva-security-audit) without declaring those integrations. These contradictions are unexplained and warrant caution.
Instruction Scope
concern: Instructions primarily read /var/log/suricata/eve.json (expected) and build reports, but they also:

1) suggest changing file permissions with 'sudo chmod 644' (alters system ACLs and widens access to a sensitive log),
2) show sending the report to Telegram (external network transfer),
3) write reports into a 'memory/' directory, and
4) include a cron scheduling example that would make the skill run periodically.

These steps expand scope beyond read-only analysis and are not fully justified in the metadata.
Install Mechanism
ok: No install spec and no code files — the skill is instruction-only, which minimizes extra installed code. There is no download or execution of remote artifacts in the SKILL.md itself.
Credentials
concern: The skill metadata declares no required environment variables, but the delivery example uses os.environ['TELEGRAM_BOT_TOKEN'] and TELEGRAM_CHAT_ID — sensitive credentials that would enable external posting of potentially sensitive logs. The SKILL.md neither declares nor documents these env vars or the privacy implications. The suggestion to run sudo commands (chmod and ufw block commands as recommended actions) further escalates required privileges.
Persistence & Privilege
concern: The 'always' flag is false (good), but the SKILL.md includes explicit instructions to add a cron job via 'openclaw cron add', which would schedule recurring runs. While scheduling is user-initiated, it increases persistence and potential blast radius if the skill is later misused. The document also recommends changing file permissions with sudo, which grants broader system access to the log file.