Scripting Utils
AdvisoryAudited by VirusTotal on Apr 18, 2026.
Overview
Type: OpenClaw Skill Name: scripting-utils Version: 1.0.0 The bundle provides high-risk system management and script validation capabilities that could be leveraged for privilege escalation or arbitrary code execution. Specifically, 'scripts/system_manager.py' contains logic to generate commands for privileged operations such as adding users to the sudoers group ('usermod -aG sudo'), modifying firewall rules, and installing packages. Additionally, 'scripts/language_validator.py' uses 'subprocess.run' to execute external compilers and linters for multiple languages. While these features are consistent with the stated purpose of 'scripting utilities,' they represent a significant attack surface if the agent is manipulated via prompt injection. The inclusion of large scraped documentation files (e.g., 'references/pbot/Applets.md') further increases the risk of hidden instructions or indirect injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, the skill could help run commands that install packages or affect services/networking on a machine.
The skill documents package/system-management actions. This is disclosed and purpose-aligned, but such actions can change the host system if executed rather than only displayed.
python scripts/system_manager.py --action install --package nginx --os ubuntu
Only run system-management helpers after confirming what command will execute, and prefer dry-run or command-preview behavior where available.
JSON/WebSearch functionality may rely on another local package whose behavior is not shown here.
The package references a local dependency outside the provided skill manifest. That may be legitimate, but it means some functionality could depend on code not reviewed in these artifacts.
"dependencies": [
"../json-utils"
]Verify the ../json-utils package source before installing or running features that depend on it.
Search terms, API names, or related context may be sent to external documentation/search providers.
The skill discloses external documentation/WebSearch access. This is aligned with the purpose, but users should be aware that search queries or API-documentation requests may leave the local environment.
All modules support automatic documentation lookup ... Auto-fetches syntax from Microsoft docs if needed
Avoid using automatic lookup with proprietary code, private API details, or sensitive query text unless you are comfortable sending that context externally.