ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

System Hardening Checklist

v1.0.0

Comprehensive security assessment and hardening recommendations platform providing compliance framework guidance and critical control evaluation.

0· 52·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the included SKILL.md and openapi.json which describe an assessment API and checklist; however the skill advertises a hosted service and pricing but does not provide a base URL, server information, or any authentication/credential requirements. That omission is inconsistent with a real commercial API.
Instruction Scope
The SKILL.md is an API specification and usage examples only — it does not instruct the agent to read arbitrary local files, access unrelated environment variables, or transmit data to unexpected endpoints. It also does not include runtime commands or steps that would execute on the host.
Install Mechanism
No install spec and no code files beyond documentation/OpenAPI. As an instruction-only skill, it does not install artifacts or write files to disk, which is low risk from an install perspective.
!
Credentials
The skill declares no required environment variables or credentials, but describes a paid hosted API with usage limits and plans — a real integration would normally require a base endpoint and API key/credentials. The absence of any credential requirements is disproportionate to the advertised purpose and could indicate an incomplete or placeholder skill.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent presence or elevated platform privileges.
What to consider before installing
This skill appears to be documentation and an OpenAPI spec for a system-hardening assessment API rather than a working integration. Before installing or using it: (1) verify the publisher and provenance — the source/homepage is unknown; (2) ask the publisher for the API base URL and authentication method (API key/OAuth) — the spec includes paths but no servers/credentials; (3) do not paste real secrets or production data into example payloads until you know where requests will be sent; (4) treat this as low-risk documentation-only content but avoid using it to drive automated assessments that would submit sensitive environment/system data until the endpoint and auth are confirmed.

Like a lobster shell, security has layers — review code before you run it.

latestvk978c8pkk9zrjwypvetqgvpm9d83tw36

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments