ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Fix NPM Vulnerabilities

v1.0.1

This skill should be used when the user asks about "npm vulnerabilities", "npm audit", "fix npm security", "security vulnerabilities in packages", "vulnerabl...

0· 36·0 current·0 all-time
by@jelllove
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description and SKILL.md align: the skill focuses on running npm audit/fixes, scanning package.json, creating a fix branch, building and testing. Required resources declared (none) are consistent with a guidance-only skill.
!
Instruction Scope
SKILL.md instructs the agent to read project files (package.json), manage git state (revert uncommitted changes, switch branches), run build/tests, and — importantly — to auto-install missing tools. The silent auto-install policy (install without asking for 'low-risk' tools) grants the agent broad discretion to download and run software and modify the system, which goes beyond simply advising on npm vulnerabilities.
!
Install Mechanism
Although the skill bundle has no install spec, the runtime policy directs using npm global installs, winget, and other package managers. Global npm installs and package-manager installs download and execute code from external registries — this is moderate-to-high risk when done automatically and silently, especially if the exact packages are not pre-specified or pinned.
Credentials
The skill does not request credentials or environment variables, which is appropriate. However, the workflow may require network access and elevated permissions to install global tools and will modify the user's git repository; these side effects are not expressed as required permissions and could surprise users.
Persistence & Privilege
The skill is not always-enabled and does not modify other skills, but its instructions modify system state (installing global tools) and repository state (creating branches, reverting changes). That behavior is expected for remediation but should require explicit user confirmation; the SKILL.md's silent install rule is the main privilege concern.
What to consider before installing
This skill appears to genuinely aim at automating npm vulnerability fixes, but it includes a policy to auto-install tools silently (npm -g, winget, etc.) and will modify your git repo (reverting changes, creating branches, running builds/tests). Before installing or running it: 1) disable or remove the silent auto-install behavior and require explicit consent for any global/system installs; 2) ask which exact packages (names and versions/hashes) it will install and prefer pinned versions from known maintainers; 3) run the workflow in a disposable environment (container or VM) or on a CI branch to avoid unintended changes; 4) ensure you have a backup of your repo and CI runs before merging automated fixes; 5) require confirmation for any destructive actions (revert, global install, or admin-elevated commands). These mitigations reduce risk while still allowing the skill to perform its intended purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk970e8y4tw6qs7jqkc1ar3s9dh83z9td

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments