Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Linux Incident Remediator
v1.0.0
Provides forensically-safe Linux threat detection, network and process analysis, integrity verification, controlled firewall and service remediation preservi...
⭐ 0 · 722 · 0 current · 0 all-time
by @kiaraho
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the SKILL.md: the instructions are a coherent set of forensic collection, analysis, integrity checks, and controlled remediation steps appropriate to a Linux incident response tool.
Instruction Scope
The instructions call for running many privileged system utilities (ss, journalctl, tcpdump, lsof, strace, rpm/apt verification, iptables/nft/firewalld changes) and for downloading forensic Python tools into /opt. This is consistent with incident response, but these operations require root and can alter evidence or system state if run incorrectly; the guide notes some cautions but leaves broad operational discretion to the operator.
Install Mechanism
No install spec (instruction-only), which reduces install-time risk. The SKILL.md does instruct using wget to fetch scripts from raw.githubusercontent.com (Didier Stevens Suite) into /opt and make them executable; raw.githubusercontent.com is a known host and Didier Stevens' tools are common forensic helpers, but any remotely fetched script should be verified (authorship, pinned hash, code review) before it is made executable.
Credentials
The skill requests no environment variables or external credentials. It does require root/sudo to perform many steps — appropriate and expected for system remediation. There are no unexplained credential or config-path requests.
Persistence & Privilege
The skill does not request always:true and provides no self-install. It does contain instructions to persist firewall rules and to write files under /opt and /etc (e.g., persisting iptables rules), which are legitimate for remediation but are significant system changes; use with caution.
Assessment
This skill is coherent for a sysadmin/incident responder, but it performs privileged operations. Before using it: (1) only run commands whose impact you understand, and have physical/forensic custody policies in place; (2) work on a forensic copy or isolated host when possible to avoid contaminating evidence; (3) inspect and verify any scripts you download (check authorship, hashes, and review the code) before making them executable; (4) prefer package-manager installs for trusted tooling when practical; and (5) document and back up the current firewall and system state before persisting changes so remediation is reversible. If you lack deep Linux incident-response experience, consult a professional: these commands can disrupt production systems or destroy forensic value if misused.
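Points (3) and (5) of the assessment are the ones most often skipped in practice. The shell snippet below is an added example written for this review; it is not part of the skill's SKILL.md or of the ClawHub scan. It stages a downloaded helper in a private temp directory, refuses to install it unless its SHA-256 matches a digest you pinned out of band, and snapshots firewall and service state (with per-file digests in a manifest) before any remediation so changes can be rolled back with iptables-restore or nft -f. The URL, pinned digest and /opt/forensics destination in the usage comment are placeholders, not values from the skill; the Didier Stevens Suite is the real upstream named on this page, but no specific tool URL or hash is asserted here.

```shell
#!/bin/sh
# Added example (not from the skill): verified fetch + pre-remediation snapshot.
set -eu

# Portable SHA-256 of a file, printing only the hex digest.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$1" | awk '{print $1}'
  else
    openssl dgst -sha256 -r "$1" | awk '{print $1}'
  fi
}

# verify_and_install FILE EXPECTED_SHA256 DEST
# Installs FILE at DEST with mode 0755 only if its digest matches the pin.
# Returns 1 and installs nothing on mismatch.
verify_and_install() {
  file="$1"; expected="$2"; dest="$3"
  actual="$(sha256_of "$file")"
  if [ "$actual" != "$expected" ]; then
    echo "REFUSED: $file sha256=$actual pinned=$expected" >&2
    return 1
  fi
  install -m 0755 "$file" "$dest"
  echo "installed $dest sha256=$actual"
}

# fetch_verified URL EXPECTED_SHA256 DEST
# Downloads to a non-executable staging file, never straight into /opt,
# then hands off to verify_and_install. Staging dir is always cleaned up.
fetch_verified() {
  url="$1"; expected="$2"; dest="$3"
  tmpdir="$(mktemp -d)"
  staged="$tmpdir/$(basename "$url")"
  wget -q -O "$staged" "$url"
  if verify_and_install "$staged" "$expected" "$dest"; then rc=0; else rc=1; fi
  rm -rf "$tmpdir"
  return $rc
}

# _capture OUTDIR NAME CMD [ARGS...]
# Best-effort capture: a missing tool or missing privilege is recorded in the
# manifest rather than silently ignored, so you know what the snapshot lacks.
_capture() {
  out="$1"; name="$2"; shift 2
  if command -v "$1" >/dev/null 2>&1 && "$@" >"$out/$name" 2>/dev/null; then
    echo "ok   $name sha256=$(sha256_of "$out/$name")" >>"$out/MANIFEST"
  else
    echo "skip $name ($1 unavailable or not permitted)" >>"$out/MANIFEST"
    rm -f "$out/$name"
  fi
}

# snapshot_state OUTDIR
# Records firewall rules, enabled units and listening sockets before any
# change; prints OUTDIR. Restore later with iptables-restore / nft -f.
snapshot_state() {
  out="$1"
  mkdir -p "$out"
  : >"$out/MANIFEST"
  _capture "$out" iptables.rules iptables-save
  _capture "$out" nft.rules nft list ruleset
  _capture "$out" enabled-units.txt systemctl list-unit-files --state=enabled --no-legend
  _capture "$out" listening-sockets.txt ss -tulpn
  echo "$out"
}

# Usage (placeholders, run as root on the responder host):
#   snapshot_state "/var/tmp/ir-$(date +%Y%m%dT%H%M%S)"
#   fetch_verified "https://raw.githubusercontent.com/<owner>/<repo>/<ref>/<tool>.py" \
#                  "<sha256 you recorded from the upstream release>" /opt/forensics/<tool>.py
```

Pin the digest from a source other than the download itself (a release page, a signed tag, or a copy you hashed on a trusted machine); comparing against a hash fetched from the same host adds nothing. Keep the snapshot directory with the case evidence, since its manifest is what lets you prove what the firewall and service state was before you touched it.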
latest · vk97exh27p3g33h5fae6yr1zbg5815dms
