ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Remote Node SSH

v1.0.1

Run commands and transfer files between an OpenClaw gateway (VPS) and a paired local node via node protocol or SSH fallback. Covers transport selection, comm...

0· 59·0 current·0 all-time
byJohnny Faris@jkfaris94
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (remote exec + file transfer) aligns with the SKILL.md: it documents node protocol for exec and SSH (ssh/scp/rsync) for fallback and transfer. The declared required tools (ssh, scp, rsync, openclaw CLI) are appropriate for this purpose.
Instruction Scope
Instructions are narrowly focused on running commands and transferring files between gateway and paired node. They do not request unrelated system files, global environment variables, or external endpoints. Note: the doc assumes the operator has SSH access and may need administrative rights on the remote node to restart the OpenClaw node service.
Install Mechanism
No install spec or code files — instruction-only. This is low-risk since nothing is fetched or written by an install step.
Credentials
No environment variables, credentials, or config paths are requested. Use of SSH keys and the openclaw CLI is expected and proportional to the functionality.
Persistence & Privilege
Skill is not forced always-on. It allows autonomous invocation (platform default) but that is not combined with broad credentials or system-wide modifications, so no elevated persistence concerns.
Assessment
This skill is coherent with its stated purpose, but before installing: ensure your node is actually paired and you have appropriate SSH access (keys/config); be aware restarting the remote OpenClaw service requires admin rights on the node; verify the openclaw CLI you run is from a trusted source; test commands on a non-production node first to avoid accidental service disruption.

Like a lobster shell, security has layers — review code before you run it.

latestvk97377gk9v7tv2fc29dhje4ak1842z69

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments