ClawHub

Text

PassAudited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill Name: text Version: 1.0.0 The skill bundle is primarily instructional and provides numerous benign text processing examples. However, the `data.md` file includes shell commands that execute arbitrary Python code (`python3 -c "..."`) and commands to parse `.env` files (`grep ... .env`). While the examples provided are benign and align with the stated purpose of text processing, these capabilities introduce a vulnerability risk. The `python3 -c` command could be leveraged for Remote Code Execution (RCE) if an AI agent were to construct or receive malicious input for it. The `.env` file parsing, while a legitimate data extraction task, could expose sensitive environment variables if applied to a privileged file by a compromised agent or malicious prompt. These are risky capabilities that could allow attacks, classifying the bundle as suspicious rather than benign, but without clear evidence of intentional malicious design.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence
ASI02: Tool Misuse and Exploitation
What this means

A text file could be changed or overwritten if an agent applies the command directly.

Why it was flagged

The skill documents local shell commands, including an in-place file edit. This fits text cleanup, but could alter a user file if run without review.

Skill content
- **Remove BOM if present:** `sed -i '1s/^\xEF\xBB\xBF//'`
Recommendation

Run file-changing commands only on user-approved files, preferably on a copy or with a backup.

NoteHigh Confidence
ASI03: Identity and Privilege Abuse
What this means

Secrets in a local .env file could be displayed if the command is used on a real project configuration file.

Why it was flagged

.env files commonly contain API keys or secrets. The example is a config-text parsing command and does not show exfiltration, but it could reveal sensitive values to the agent context or output.

Skill content
# .env files
grep -v '^#' .env | grep '='
Recommendation

Ask before reading .env or other credential-bearing files, and redact secret values unless the user explicitly needs them.