ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawbridge - Find your connections

Run Clawbridge discovery from OpenClaw chat

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 1.7k · 9 current installs · 9 all-time installs
byLee L@LeeTheBuilder
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description match its behavior: it runs the 'clawbridge' CLI, parses stdout for VAULT_URL and counts, and replies in chat. Requiring the 'clawbridge' binary is proportionate to this purpose.
Instruction Scope
SKILL.md only instructs the agent to exec 'clawbridge run' and parse its stdout — that's within scope. However, running a local binary gives that binary full discretion to perform network I/O, upload data to the vendor, or access local resources; the skill does not constrain or audit what the runner does. Users should treat the CLI's behavior (not the skill) as the primary data-exfiltration/privilege risk.
!
Install Mechanism
The recommended install is 'curl -fsSL https://clawbridge.cloud/install | bash' (remote script piped to shell). This is a high-risk install pattern because it runs arbitrary code fetched at install time. Although the domain matches the project's homepage, piping installers to bash from a remote URL is inherently risky and should be inspected before running.
Credentials
The skill requests no environment variables, no config paths, and only requires the 'clawbridge' binary — which is proportional to its stated purpose.
Persistence & Privilege
The skill is not always-enabled and is user-invocable; it does not request persistent system-wide privileges or modify other skills' configs. Allowing autonomous model invocation is the platform default and present here, but not by itself a red flag.
What to consider before installing
This skill itself is a thin chat shortcut that execs your local 'clawbridge' CLI and posts the Vault URL — that's expected behavior. Before installing or using it: (1) Avoid running the provided installer blindly — inspect https://clawbridge.cloud/install before piping it to bash or prefer manual installation from a verified release; (2) Understand that executing 'clawbridge run' may cause the runner to access network resources and upload data to the vendor (the skill will surface the returned VAULT_URL), so review the runner's documentation and privacy model and consider running it in an isolated environment if you have sensitive data; (3) Confirm the installer and runner code provenance (GitHub repo, release artifacts, checksums) if you need higher assurance. If you cannot or will not inspect the install script, treat installing this skill as higher risk.

Like a lobster shell, security has layers — review code before you run it.

Current versionv3.0.0
Download zip
latestvk97bqeh132nywaxd8svj3jw8rd80empx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌉 Clawdis
Binsclawbridge

SKILL.md

Clawbridge Skill

Optional chat command to trigger Clawbridge from OpenClaw.

What This Skill Does

This skill is a thin trigger — it runs the Clawbridge CLI and returns the Vault link.

The skill does NOT do discovery. All business logic lives in the runner.

Behavior

When the user types /clawbridge:

  1. Exec: Run clawbridge run locally
  2. Parse stdout: Extract machine-readable lines:
    • VAULT_URL=...
    • CANDIDATES_COUNT=...
    • DISCOVERY_SOURCE=... (optional)
  3. Reply in chat:
    • "Done — found X candidates."
    • "Review here: <vault url>"

Usage

/clawbridge

Or with a profile:

/clawbridge --profile myprofile

Example Output

Done — found 3 candidates.

Review here: https://clawbridge.cloud/app/workspaces/xxx/runs/xxx

Prerequisites

Don't have Clawbridge yet? Get started at:

👉 https://clawbridge.cloud

  1. Create an account
  2. Create a workspace
  3. Follow the setup instructions

Or if you already have an account:

# 1. Install runner
curl -fsSL https://clawbridge.cloud/install | bash

# 2. Link workspace (get code from your workspace page)
clawbridge link CB-XXXXXX

Architecture

User: /clawbridge
        │
        ▼
┌───────────────────────────────┐
│  Skill: exec clawbridge run   │
└───────────────────────────────┘
        │
        ▼
┌───────────────────────────────┐
│  Runner: Discovery workflow   │
│  - Build prompts (private)    │
│  - Call OpenClaw as worker    │
│  - Upload to Vault            │
│  - Print VAULT_URL=...        │
└───────────────────────────────┘
        │
        ▼
┌───────────────────────────────┐
│  Skill: Parse + reply         │
└───────────────────────────────┘

Mental Model

  • Runner = product (owns discovery strategy, prompts, ranking)
  • Web = vault + approval (review candidates, approve outreach)
  • Skill = chat shortcut (optional convenience)

You don't need this skill to use Clawbridge. Run clawbridge run directly from terminal.

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…