Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
clawpacker
v0.2.0
Use when exporting, importing, packaging, cloning, restoring, or moving an OpenClaw agent between machines or instances, especially when the user mentions cl...
by Albarn @lc708
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match the instructions: this is an instruction-only skill for packaging/moving agents and it points to a canonical 'clawpack' documentation source. It does not request unrelated binaries, env vars, or config paths.
Instruction Scope
The runtime instructions tell the agent to fetch a canonical SKILL.md from raw.githubusercontent.com and to 'follow that canonical document for all command details.' That grants broad authority to execute whatever commands the remote document specifies, creating a supply-chain risk. The fallback behavior (stop if fetch fails) is safe, but there is no explicit instruction to validate or sandbox the fetched content before executing it.
Install Mechanism
No install spec and no code files (instruction-only) — nothing is written to disk by the skill itself. The only network action required is fetching the canonical SKILL.md at runtime, which is higher risk than a pure offline document but is described explicitly.
Credentials
The skill declares no required environment variables, credentials, or config paths; there are no disproportionate credential requests.
Persistence & Privilege
Default privileges (always:false, model invocation allowed) — no unusual persistence or forced inclusion. The skill does not request to modify other skills or system-wide settings.
What to consider before installing
This skill itself is light and matches its description, but it tells the agent to fetch and then 'follow' a remote SKILL.md from raw.githubusercontent.com — that remote document could change and instruct the agent to run arbitrary commands. Before installing or using this skill: (1) verify the canonical URL and publisher provenance; prefer a pinned commit SHA or release URL rather than a branch (master/main); (2) require the agent to fetch the document only for manual review (do not allow automatic execution of fetched instructions); (3) inspect any fetched SKILL.md before running commands, or keep a vetted local copy; (4) consider running packaging operations in a sandbox or dry-run mode; and (5) if you need higher assurance, ask the publisher for signed releases or a reproducible release artifact rather than relying on live raw URLs.
Like a lobster shell, security has layers — review code before you run it.
