Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Claw Security Suite

v1.1.0

Provides four-layer security for OpenClaw including static code scanning, logic audit, runtime protection, and periodic security patrols with automated reports.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description (multi-layer security: static scan, logic audit, runtime protection, periodic patrol) match the shipped modules and exported APIs. The files implement the declared capabilities and there are no unrelated credentials, binaries, or surprising external dependencies.
Instruction Scope
SKILL.md instructs the agent to run local scanning, logic auditing, runtime input checks, and scheduled patrols — all implemented in the code. The instructions do cause the skill to read other skills' files (scanning /app/working/skills) and to call RuntimeProtector before user inputs if integrated; this is expected for a security tool but grants the skill broad read access within the agent workspace.
Install Mechanism
No external install spec (instruction-only installer) and the package uses only bundled Python standard-library code. Nothing is downloaded or executed from arbitrary URLs during install.
Credentials
No required secrets or env-vars are declared; an optional CLAW_SECURITY_CLOUD_ENDPOINT env var can override a default cloud endpoint. However the code ships with a non-empty default endpoint (https://matrix.tencent.com/clawscan/skill_security) and will query it (skill_name + source) if a skill_name is provided — this causes network traffic to a third party even with zero config. No local files or credentials are sent, per code, but the network call and its default should be considered before enabling.
Persistence & Privilege
The skill writes baseline and report files to /app/working/security and /app/working/logs/security and scans /app/working/skills; it does not request always:true or system-level privileges. Creating and updating baseline/report files is consistent with its stated patrol role but grants it persistent artifacts in the agent workspace.
Assessment
This package appears to implement the security features it claims, but review and decide on two policy points before installing:

1) Cloud intel endpoint: the code includes a default Tencent endpoint and will perform a GET request (skill_name and source as query params) when you call the scanner with a skill_name. If you do not want any network calls, either set CLAW_SECURITY_CLOUD_ENDPOINT to an empty value or avoid passing a skill_name to the cloud-checking APIs. The code documents the behavior, but a default third-party call is privacy-sensitive.
2) Workspace reads and writes: the patrol and scanners read files under /app/working/skills and will create/update baseline and report files under /app/working/security and /app/working/logs/security. Ensure you trust this skill to access and persist those files (and check filesystem permissions) — the tool will report or block installation results based on its findings and may flag benign files.

Additional recommendations:

- If you plan to rely on this skill to block installs, review the cloud endpoint and consider hosting your own CLAW_SECURITY_CLOUD_ENDPOINT to avoid third-party queries.
- Review the code (already included) if you need stricter guarantees about exactly what is sent externally; the network payload is a simple query string, not file contents, per the implementation.
- Note minor metadata inconsistencies (package __version__ differs from registry version) and confirm you obtained the package from a trusted source before granting it access to your agent workspace.

Like a lobster shell, security has layers — review code before you run it.
