Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
openprovider
v1.0.4OpenProvider domain registrar & DNS management. Triggers on: register domain, buy domain, renew domain, transfer domain, delete domain, restore domain, add D...
⭐ 0· 104·0 current·0 all-time
byJens Jung@jpj069
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description and the runtime instructions consistently target the OpenProvider REST API for domains, DNS, and SSL operations — capability matches purpose. However, the manifest declares no required environment variables or config paths while the SKILL.md explicitly expects OPENPROVIDER_USERNAME / OPENPROVIDER_PASSWORD (and a DB fallback), which is an omission.
Instruction Scope
SKILL.md instructs the agent to load credentials from environment variables or from a database table (system_settings key integration_credentials_openprovider). It also shows curl-based examples that pipe output to jq to extract tokens. The manifest does not declare access to any DB/config paths or required binaries, yet the instructions assume both. The DB fallback is especially notable because reading a system_settings table is outside the narrow scope described in the manifest and implies access to internal storage.
Install Mechanism
There is no install spec (instruction-only), which is low-risk in general. But the runtime examples rely on curl and jq; the manifest lists no required binaries. If the agent environment lacks these tools the examples won't work; if present, the sample shell pipelines could cause tokens/responses to be written to logs or shells if not handled carefully.
Credentials
The actions described legitimately require an OpenProvider username/password (and thus a credential). That is proportionate to the skill's purpose. However, the skill does not declare these required env vars in the registry metadata, and it additionally documents a fallback to reading sensitive credentials from a DB table. The combination (undeclared env vars + DB credential fallback) is an inconsistency and increases the attack surface unless the operator knows exactly which credentials will be used and how DB access is granted.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-level privileges. It is user-invocable and allows normal autonomous invocation; this is the platform default and not by itself concerning.
What to consider before installing
This skill appears to implement the documented OpenProvider API, but the registry metadata is inconsistent with the runtime instructions. Before installing: 1) Confirm which credentials will be provided — the SKILL.md expects OPENPROVIDER_USERNAME and OPENPROVIDER_PASSWORD (and documents a DB fallback key integration_credentials_openprovider) but the manifest lists no required env vars; ensure you only supply a dedicated OpenProvider account with minimal privileges. 2) Verify whether the agent will have access to your system_settings DB; if so, determine who can read that table and whether storing credentials there meets your security policy. 3) Note the examples use curl|jq — check that tokens and HTTP responses won't be logged or sent to unintended places. 4) If you need stronger assurance, request the publisher to update the manifest to declare the required env vars and to remove or clearly justify the DB fallback, and ask for explicit handling details for token caching/rotation. If you cannot confirm these points, treat installation as higher risk.Like a lobster shell, security has layers — review code before you run it.
latestvk978gywt8q0x65t0h3f0rgcqhd84r9nf
License
MIT-0
Free to use, modify, and redistribute. No attribution required.