Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Skill Gatekeeper
v2.0.0技能門禁系統 - 自動審核、沙盒測試、安全放行
⭐ 0· 122·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description claim an automated audit/sandbox system and the code largely implements that (sandbox copy, local pattern scan, VirusTotal lookup). However there is an odd/hard-coded call to a Windows Node installer path (C:/Users/ReaMasTer/...) and the code uses child_process.execSync to run an external installer — this is unexpected for a cross-platform Bun tool and suggests either sloppy engineering or a potential backdoor/incoherence.
Instruction Scope
SKILL.md instructions map to the CLI implemented in gatekeeper.ts (audit/install/config). The runtime will copy skills into a sandbox, scan files, call VirusTotal, and then quarantine or delete originals. Those actions are within the stated scope, but the code performs destructive filesystem operations (cpSync + rmSync) and executes an external installer command; both require reviewing because they can modify or remove skill files and invoke arbitrary external code.
Install Mechanism
No install spec is used; this is effectively an instruction-only skill with an included Bun script. No external archives or downloads are staged by an installer spec. However, the script itself calls external commands (execSync) which may invoke other installers at runtime.
Credentials
The skill requests no environment variables but reads/writes config and stores a VirusTotal API key under ~/.opencode/config/gatekeeper.json. Storing the VT key locally is expected for the feature. Still, the skill will read and modify user home paths (~/.opencode/*), which is reasonable for a gatekeeper but should be accepted only if you trust the code.
Persistence & Privilege
The skill is not force-installed (always: false) and does not request platform-level privileges. It does write to its own config directory and can move/delete skill directories (quarantine), which is consistent with its purpose but means it has the ability to modify other installed skills in ~/.opencode/skill.
What to consider before installing
This skill implements the advertised audit/sandbox flow, but review the code before installing. Specific concerns: (1) gatekeeper.ts executes an external installer via child_process.execSync using a hard-coded Windows path (C:/Users/ReaMasTer/...), which is unusual and may run arbitrary code on installation — ask the author why this path is used or remove/replace it with a platform-appropriate installer call. (2) The script uses cpSync and rmSync to copy and delete skill directories (quarantine), so a bug or malicious change could remove files outside the intended directory; verify path handling and consider running only in an isolated/test environment first. (3) The tool stores a VirusTotal API key in ~/.opencode/config/gatekeeper.json — ensure you are comfortable storing that key locally. Recommended actions: inspect the full source for the execSync usage and any other external calls, run the tool inside a disposable VM/container before using it on a production machine, back up ~/.opencode, and prefer a version that uses a documented, platform-agnostic installer mechanism rather than a hard-coded path. If you cannot verify the code or get clarification, treat this skill as untrusted.gatekeeper.ts:269
Shell command execution detected (child_process).
gatekeeper.ts:3
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk97b6px29c1ab2vka43wy179y583646b
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binsbun