Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ai-supply-chain-security
v2.1.0
Cross-platform AI security scanner detecting hooks risks, MCP server attacks, prompt injection, supply chain threats in npm, PyPI, Rust, and GitHub Actions c...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign (medium confidence)
Purpose & Capability
Name/description (AI supply‑chain & prompt/hooks scanner) match the shipped files and detection rules. The project contains Python/JS/sh scripts that implement the described scanning capabilities (MCP/hook detection, prompt injection, npm/PyPI/Cargo checks, lockfile checks, GitHub Actions analysis). No unrelated credentials or binaries are required by the skill metadata.
Instruction Scope
SKILL.md and CLI instruct the agent or user to scan directories (current dir or specified path). The scanner also advertises scanning project-level and global config files (e.g., ~/.npmrc, pip config) and can search home/work directories per config — this is coherent with its purpose but means it will read potentially sensitive local files (configs, lockfiles, project files). Instructions do not tell the agent to send data off‑host by default; webhook/email notification hooks are present but disabled by default in config.yaml.
Install Mechanism
No formal install spec is declared; SKILL.md shows manual installation via git clone or running included Python scripts. The SKILL.md references a GitHub repo (github.com/javamagong/...), but registry metadata lists source/homepage as unknown/missing — a minor inconsistency worth verifying before cloning. There are no remote downloads or archive extracts performed by the provided scripts themselves.
Credentials
The skill declares no required environment variables or primary credentials. Optional configuration supports webhooks and SMTP using environment variables if the user enables notifications; those are optional and not required at runtime. The scanner's detection rules look for references to many common secret names (AWS, OPENAI, etc.) — that's detection logic, not credential usage or exfiltration.
Persistence & Privilege
The skill does not request always:true and does not attempt to alter other skills or system-wide agent settings. It contains CLI/CI integration examples and a pre-commit hook snippet (local usage) but no code that would autonomously persist or escalate privileges. Running the scanner with elevated privileges would expose more files to scanning, but that is user-controlled.
Assessment
This package appears to be a legitimate local security scanner whose behavior matches its description. Before installing or running it:
1) verify the upstream source (SKILL.md references a GitHub repo but registry metadata lacks a homepage);
2) run it on directories you control (don't point it at system/root paths unless you intend to scan them);
3) keep notification/webhook/email settings disabled unless you trust the destination (reports may contain detected secrets/config snippets);
4) review config.yaml to restrict scan_paths, exclusions, and max depth; and
5) if you want stronger assurance, inspect the full auto_scanner.py and any truncated files for network/send logic (requests or socket usage) before enabling notifications or running it on sensitive codebases.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
ai-scanner.js:104
Shell command execution detected (child_process).
auto_scanner.py:639
Dynamic code execution detected.
