Linux & service basics
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: linux-service-triage Version: 1.0.0 This skill is classified as suspicious due to its ability to execute system commands, including those that can modify system state, such as `systemctl reload nginx` and potentially `chown/chmod` (as indicated in examples). While the `SKILL.md` explicitly outlines strong safety measures, requiring user confirmation for any risky or privileged actions and defaulting to read-only diagnosis, the inherent capability to perform system modifications elevates it beyond benign. There is no clear evidence of intentional malicious behavior like data exfiltration or persistence, and the prompt injection instructions in `SKILL.md` are designed to enhance safety rather than subvert the agent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the suggested commands could change server configuration or service state, so the user should understand and approve them first.
The skill may provide shell commands that restart services, adjust permissions, or reload Nginx. This is purpose-aligned for service triage and is explicitly gated on user request and safety.
If explicitly requested and safe: exact shell commands to apply the fix.
Keep the read-only default, review proposed commands before execution, and require explicit approval for restarts, permission changes, reloads, or configuration edits.
A persistent service can keep running after reboot and affect the server until removed or disabled.
Creating a systemd service introduces persistence across reboots. Here it is disclosed as a user-invoked troubleshooting/setup use case, not hidden background behavior.
Create a systemd service for this script and make it survive reboots.
Only create persistent services when explicitly needed, include rollback commands such as disable/remove service files, and verify the service runs under the least-privileged appropriate user.