Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Merlin Clawguard
v1.3.0
Digital immune system for autonomous agents. Detects malicious skills via Clawdex (by Koi), scans with 4 Python vaccines (C2, rootkits, cha...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The skill claims to be a threat scanner for ClawHub/Moltbook and the included Python modules implement many detection heuristics, which is coherent. However there are multiple mismatches between declared requirements/paths and the actual file layout: SKILL.md metadata lists a Python module requirement (aiohttp) even though the registry declares only curl/python3; the CLI wrappers use sys.path entries like 'VAX-030-package-ecosystem' and 'VAX-027-data-exfiltration-c2' while the file manifest contains vaccines/VAX-027 and vaccines/VAX-030. Duplicate similar entrypoint files (merlin-guard.py vs merlin_guard.py) with differing behavior also indicate sloppy packaging. These inconsistencies are not justified by the stated purpose and may cause runtime import errors or unexpected import behavior.
Instruction Scope
The SKILL.md usage is scoped to scanning skill files and calling a recommended Clawdex HTTP endpoint; it does not instruct the agent to read arbitrary system files or exfiltrate secrets. The embedded vaccine modules scan text for many risky patterns (C2 domains, webhooks, base64 blobs, kernel/rootkit indicators). That behavior is expected for a scanner, but some detectors rely on high-weight heuristics and string matching which can produce false positives and lead to aggressive 'BLOQUER' decisions. SKILL.md recommends curl to an external 'clawdex.koi.security' endpoint — network calls to that endpoint are suggested but not automatically performed by the included code. No instructions request unrelated environment variables or secret access.
Install Mechanism
There is no install spec (instruction-only install) so nothing is downloaded or extracted during installation. The risk surface is limited to the bundled Python files which will be executed by the agent when invoked. No external URLs are fetched by an installer step; still, because code files are present they will run locally when the skill is used.
Credentials
The skill does not require credentials or config paths (registry shows none), which is proportionate to its scanning purpose. Minor inconsistency: SKILL.md metadata lists a Python dependency ('aiohttp') that is not declared elsewhere and the registry lists only curl and python3 as required binaries. There is no request for secrets, but the code performs pattern matching on skill code that could include tokens if the scanned skill contains them — users should avoid scanning sensitive production secrets with third-party scanners.
Persistence & Privilege
The skill does not request always:true and does not declare privileged persistence or modification of other skills. Model invocation is allowed (platform default). The scanner could be invoked autonomously to flag or recommend blocking skills, but nothing in the package attempts to modify agent configuration or persist credentials.
What to consider before installing
This package implements a local threat scanner and many detection rules are present in the included Python vaccines — that matches the stated purpose. However the repository shows several coherence issues (mismatched import paths, duplicate entrypoint files, and SKILL.md metadata that does not align with the manifest), and the author/source are unknown with no homepage. Before installation:
1) Review the full vaccine_* modules (especially the truncated files) for any network calls, obfuscated code, or write/delete operations;
2) Test the scanner in a sandboxed environment (no production secrets) to observe its behavior and runtime import errors;
3) Confirm provenance or prefer a scanner from a known maintainer;
4) If you plan to let the agent invoke this autonomously, consider restricting its permissions and ensuring it cannot block or uninstall other skills without explicit human review.
The inconsistencies increase risk of accidental misbehavior or runtime surprises — proceed with caution.
vaccines/VAX-030/vaccine_30.py:545
Environment variable access combined with network send.
vaccines/VAX-030/vaccine_30.py:147
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
Bins: curl, python3
