Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Skill Security Vet
v2.0.0技能安全審核 - 整合本地掃描 + VirusTotal 雲端威脅情報
⭐ 0· 137·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name and description claim a skills security vet that integrates local scanning and VirusTotal — the code implements that for ~/.opencode/skill and VirusTotal lookups, which is coherent. However the vet.ts also implements a full local-disk scanner (scanLocalComputer) with support for scanning system drives and suspicious binary extensions; that broad disk scanning and file-level handling is not clearly advertised in SKILL.md examples, creating a capability mismatch.
Instruction Scope
The SKILL.md examples only show scanning installed skills and configuring a VirusTotal API key. The code supports additional modes (local, full) that traverse filesystem roots, examine many file types, compute hashes, call VirusTotal, and can quarantine or remove files. Those instructions/behaviour (disk-wide scanning, removing/quarantining files) are not clearly surfaced in SKILL.md, which grants the skill broad discretion over local files.
Install Mechanism
No external download/install steps; the skill is designed to run under bun and has no network install URL. There are no archive downloads or third-party package installs in the manifest.
Credentials
The skill requests no cloud credentials up-front and uses a user-provided VirusTotal API key configured via CLI (reasonable). However SKILL.md claims 'secure storage' of the API key while the code persists configuration as plain JSON under ~/.opencode/config (skill-vet.json / security-scan.json), which is not encrypted and may be readable by other local users. Also the skill reads HOME/USERPROFILE and will operate on system paths; this access is broader than the SKILL.md explicitly warns about.
Persistence & Privilege
The code defaults to enabling auto-scan/auto-quarantine behavior in places (loadConfig defaults autoScanOnStartup: true and autoQuarantine: true in startup-scan fallback), and includes functions that copy then rmSync files/directories (quarantine/ removal). While the skill is not marked always:true, these automatic removal/quarantine capabilities give it destructive privileges on the user's skill directory and, in full/local mode, potentially other files on disk. SKILL.md does not make these defaults explicit.
What to consider before installing
This skill can scan installed skills and query VirusTotal, which matches its description — but it also contains a full-disk scanning mode and can automatically quarantine or delete files. Before installing or running it: 1) Inspect the code yourself or run it in a sandbox or VM first. 2) Disable automatic actions (autoQuarantine/autoRemove/autoScanOnStartup) in the config before running scans. 3) Do not provide your VirusTotal API key until you confirm where it is stored (the code writes plain JSON to ~/.opencode/config). 4) Backup ~/.opencode/skill (and important data) so you can recover if the tool quarantines or removes files. 5) If you only want skill-level checks, run the tool with explicit arguments (e.g., scan for specific skills) and avoid 'local' or 'full' modes. If you are not comfortable reviewing the code or running it in an isolated environment, treat this skill as high-risk.vet.ts:3
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.Like a lobster shell, security has layers — review code before you run it.
latestvk97e61r3n7301bnqgwecywx8sh8371e9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binsbun