Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Ai Company Ciso Security Gate
v2.1.1
AI Company CISO security gate module v2.1.0. STRIDE threat modeling, CVSS vulnerability scoring, security red-line review, final release review, and a security specification for the CEO-EXEC crisis direct-line interface. Trigger keywords: security review, security check, vulnerability scan, threat modeling, crisis direct-line, dual approval.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Scanner: OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The name, description, and SKILL.md content all describe STRIDE, CVSS, red-flag detection, and permission and dependency audits. No required binaries, environment variables, or config files are declared; the declared dependencies on related 'ai-company-*' skills are plausible for a corporate CISO gate.
Instruction Scope
The interface expects a skill_path argument, and the declared permission set includes files: [read]. SKILL.md is an instruction-only reviewer and does not constrain which filesystem paths may be read, so at runtime the skill could read any file accessible to the agent (e.g., credentials, config files, /etc). The instructions show no explicit exfiltration or network output, but unbounded file reads combined with autonomous invocation could expose secrets. Otherwise SKILL.md stays within the expected analysis tasks (threat modeling, scoring, red flags).
Install Mechanism
No install spec and no code files — instruction-only. Lowest install risk (nothing to download or execute on install).
Credentials
The skill requests no environment variables, no credentials, and no binaries. That is proportionate to a static/security-review skill. Dependencies on internal 'ai-company-*' skills are plausible; they should be audited but are not themselves unexplained credentials.
Persistence & Privilege
always:false and no special persistence. Model invocation is allowed (default). Autonomous invocation combined with file-read permission widens the risk window; on its own this is not a misalignment, but it is a capability the deployer should control (human approval, path restrictions).
What to consider before installing
This skill appears to do what it claims (STRIDE/CVSS/red-flag reviews) and is instruction-only, but it is granted file-read permission with no path limits. Before installing or enabling autonomous use:
1) Restrict the skill_path input so the skill can only read vetted skill directories (do not allow arbitrary filesystem paths).
2) Require human-in-the-loop approval before the skill runs (especially for high-sensitivity repos).
3) Audit outputs for secrets and avoid sending reports to external endpoints.
4) Review the listed reference documents (they contain CONFIDENTIAL markings) and verify that the listed dependencies (ai-company-* skills) come from trustworthy sources.
If you need stronger assurance, run the skill in a sandboxed account with no access to production credentials and limit its filesystem scope.
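A deployer-side guard that implements points 1 and 3 above, added here as an example; it is not code from the skill, from ClawHub, or from OpenClaw. It assumes the agent runtime lets the deployer wrap the skill_path input and the report output; the function names (check_skill_path, read_skill_files, redact_secrets), the secret patterns, and the fixture directory it builds are assumptions made for the example.

```python
"""Deployer-side guard for a file-reading reviewer skill (added example, not ClawHub/OpenClaw code).

Assumed: the agent runtime lets the deployer wrap the skill's skill_path input
and its report output. check_skill_path, read_skill_files and redact_secrets are
hypothetical names chosen for this example.
"""
import os
import re
import tempfile
from pathlib import Path
from typing import Dict, Iterable, Tuple


def check_skill_path(skill_path: str, allowed_roots: Iterable[Path]) -> Path:
    """Return the resolved directory if it lies inside a vetted root, else raise ValueError.

    Symlinks and '..' are resolved before the containment check, so a traversal string,
    an absolute path such as /etc, or a link that escapes the vetted tree are all rejected.
    """
    candidate = Path(skill_path).resolve()
    for root in allowed_roots:
        try:
            candidate.relative_to(Path(root).resolve())
        except ValueError:
            continue  # not under this root, try the next one
        if not candidate.is_dir():
            raise ValueError(f"skill_path is not a directory: {skill_path}")
        return candidate
    raise ValueError(f"skill_path outside vetted roots: {skill_path}")


def read_skill_files(skill_dir: Path, max_bytes: int = 200_000) -> Dict[str, str]:
    """Read text files below an already-checked skill directory.

    Each file is resolved again so a symlink planted inside the skill that points at
    /etc/passwd or a credentials file is skipped instead of being read and reported.
    """
    files: Dict[str, str] = {}
    for path in sorted(skill_dir.rglob("*")):
        if not path.is_file():
            continue
        try:
            path.resolve().relative_to(skill_dir)
        except ValueError:
            continue  # symlink target is outside the vetted tree
        data = path.read_bytes()[:max_bytes]
        files[str(path.relative_to(skill_dir))] = data.decode("utf-8", errors="replace")
    return files


# Coarse secret shapes for point 3 (audit outputs before they leave the host).
SECRET_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),                    # AWS access key id shape
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),  # PEM private key header
    re.compile(r"(?i)(api[_-]?key|token|password)\s*[:=]\s*['\"]?[A-Za-z0-9_\-./+]{8,}"),
]


def redact_secrets(report: str) -> Tuple[str, int]:
    """Replace secret-looking substrings in a review report; return (text, number redacted)."""
    total = 0
    for pattern in SECRET_PATTERNS:
        report, n = pattern.subn("[REDACTED]", report)
        total += n
    return report, total


def demo() -> Dict[str, object]:
    """Run the guard over a constructed fixture (not a real skill) and return the outcomes."""
    with tempfile.TemporaryDirectory() as td:
        vetted = Path(td) / "vetted-skills"
        skill = vetted / "ai-company-ciso-security-gate"
        skill.mkdir(parents=True)
        (skill / "SKILL.md").write_text("# STRIDE / CVSS reviewer\nfiles: [read]\n")
        # Constructed secrets for the example, not real credentials.
        (skill / "config.env").write_text(
            "AWS_KEY=AKIAABCDEFGHIJKLMNOP\ntoken = sk_test_abcdefghijklmnop\n"
        )
        outside = Path(td) / "outside.txt"
        outside.write_text("root:x:0:0\n")
        try:
            os.symlink(outside, skill / "escape.txt")  # link that escapes the vetted tree
        except (OSError, NotImplementedError):
            pass  # platforms without symlink support still exercise the other checks

        def rejected(p: str) -> bool:
            try:
                check_skill_path(p, [vetted])
                return False
            except ValueError:
                return True

        skill_dir = check_skill_path(str(skill), [vetted])
        files = read_skill_files(skill_dir)
        redacted, count = redact_secrets("\n".join(files.values()))
        return {
            "in_tree_ok": skill_dir == skill.resolve(),
            "traversal_rejected": rejected(str(skill / ".." / ".." / "outside.txt")),
            "absolute_rejected": rejected("/etc"),
            "files": sorted(files),
            "redacted_count": count,
            "leak": "AKIA" in redacted or "sk_test" in redacted,
        }


if __name__ == "__main__":
    print(demo())
```

Both sides of the containment check are resolved before comparison, which is what defeats traversal strings and absolute paths; the per-file resolve in read_skill_files is still needed because the entry check says nothing about symlinks planted inside an otherwise vetted skill directory. The redaction patterns are deliberately coarse and are a last line of defence for reports, not a substitute for keeping the skill out of directories that hold secrets in the first place.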
Version: latest · vk979a44d1gye0gn8kjt0m40xcn851e3b
