ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Port Scanner

v1.0.0

Fast TCP port scanner for network reconnaissance and security auditing. Scan hosts for open ports, detect common services, and identify potential attack surf...

0· 179·0 current·0 all-time
byJohn Wang@johnnywang2001
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the provided code and SKILL.md. The included script implements a TCP port scanner with service heuristics and banner grabbing; no unrelated credentials, binaries, or services are requested.
Instruction Scope
Runtime instructions simply run the bundled Python script with CLI flags. The SKILL.md and script operate only on the target host/IP provided by the user, perform DNS resolution and TCP connections, and attempt simple banner grabs (including sending a minimal HTTP HEAD to common HTTP ports). They do not read other files, environment variables, or send results to external endpoints.
Install Mechanism
No install spec or external downloads are present; this is an instruction-only skill that includes a pure-stdlib Python script. Nothing is fetched from external URLs or installed to disk at runtime beyond running the included script.
Credentials
The skill declares no required environment variables, credentials, or config paths and the code does not access secrets. Requested permissions are proportional to a network scanner.
Persistence & Privilege
always is false and there are no indications the skill modifies other skills or system settings. The skill can be invoked autonomously (platform default) which increases operational risk if you don't want autonomous network scans — this is expected behavior but worth noting.
Assessment
This skill appears to be what it claims (a simple TCP port scanner). Before installing or running it: (1) ensure you have explicit authorization to scan the target network or host (unauthorized scanning can be illegal and disruptive); (2) consider lowering --workers and increasing --timeout on shared networks to avoid DoS-like effects; (3) you can run the included script locally to inspect behavior (it's pure Python stdlib); (4) if you don't want the agent to ever run scans autonomously, disable autonomous invocation for this skill or require explicit user approval before each run.

Like a lobster shell, security has layers — review code before you run it.

latestvk97735hnn2b3p5jjt9hy6zncqx82x131

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments