ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SkillGuard Security Scanner

v0.1.0

Security auditing for OpenClaw agent skills. Scans skills for dangerous patterns, vulnerable dependencies, and suspicious behaviors before installation.

0· 24·0 current·0 all-time
by@jonathanliu811026
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description claim a security scanner and the runtime instructions describe appropriate scanning features. However, the package contains no scanner implementation and instead tells users/agents to run 'npx skillguard-audit', so the actual capability would come from an external npm package rather than the skill bundle itself — this is plausible but not documented in metadata and creates a provenance gap.
!
Instruction Scope
SKILL.md instructs running 'npx skillguard-audit' (CLI and server) and auditing local skill folders. Those commands will fetch and execute remote code at runtime and may access local filesystem paths (e.g., './my-skill') and network ports (serve --port 3402). The instructions also reference a file (CLAWHUB_INTEGRATION.md) that is not present in the manifest. The instructions do not list required credentials but would likely need network access and possibly ClawHub access in practice.
!
Install Mechanism
There is no install spec and no code in the bundle, but the instructions rely on npx which dynamically downloads and executes code from the npm registry. That runtime download is a high-risk install mechanism (supply-chain execution) that is not declared or constrained by the skill metadata.
Credentials
The skill declares no required environment variables, credentials, or config paths. There is nothing requesting unrelated secrets in the provided metadata or SKILL.md. That said, the external tool it instructs you to run could require credentials — but this is not declared here.
Persistence & Privilege
The skill does not request 'always: true' and has no install-time persistence. Autonomous invocation is allowed (platform default) but not amplified by additional privileges in the skill metadata.
What to consider before installing
This skill is an instruction-only wrapper that tells you to run an external npm tool (npx skillguard-audit) rather than providing its own scanner. That means installing or invoking it will download and execute code from the npm registry — a supply-chain and execution risk. Before using it: (1) prefer a skill that includes its scanner code or a verified source URL; (2) ask the publisher for the npm package name, repository link, and a release checksum; (3) inspect the npm package source or run it in a sandboxed environment (isolated container) if you must use it; (4) do not run its 'serve' command on production hosts; and (5) be cautious about granting any credentials or opening network ports. If the author can provide a hosted repository (GitHub release) or include the scanner implementation in the skill bundle, that would reduce the concern.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b0z4r537qg2d95k6866m6kd84e6gx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis

Comments