ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Raon OS

v0.7.28

AI-powered startup companion for Korean founders. Evaluate business plans, match government funding programs (TIPS/DeepTech/Global TIPS), connect with 3,972+...

0· 724·2 current·2 all-time
byTomas@lifeissea
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (startup companion, biz-plan evaluation, gov-funding matching, Kakao integration, RAG pipeline, crawlers) align with included files (evaluation scripts, crawlers, rag_pipeline, server, kakao webhook helpers, widget). Required bins (python3, node) are appropriate: python drives core logic and node provides a thin CLI wrapper. No bizarre or unrelated credentials/binaries are requested.
Instruction Scope
SKILL.md instructs running local server (default port 8400), CLI scripts (raon.sh), and crawlers that fetch public government sites; it also specifies storing LLM API keys in ~/.openclaw/.env and running evaluate scripts on PDF content. These instructions stay within the declared purpose, but they do instruct the agent to read/write local files (eval_data/, ~/.openclaw/.env, history.jsonl) and to make outbound HTTP requests to public sites. The skill also suggests using install-service.sh and exposing endpoints via ngrok — actions that increase network exposure and should be reviewed by the user before execution.
Install Mechanism
No external download/install step in registry metadata (instruction-only install). The package includes source files bundled with the skill; there is no installer that fetches remote archives. That is lower risk than remote downloads. The bundle does include a script that can install a system service (install-service.sh mentioned in README) — review that script before running.
Credentials
SKILL.md documents optional LLM API keys (GEMINI/OPENROUTER/ANTHROPIC/OPENAI) and optional SaaS/Supabase variables for managed mode or feedback storage. Those environment variables are coherent with the described LLM and persistence features. The skill does recommend storing API keys in ~/.openclaw/.env (chmod 600 suggested) — this is expected but worth noting because secrets are persisted to disk. No unrelated credentials (AWS, SSH, etc.) are requested by default.
Persistence & Privilege
The skill does not request always:true and uses default autonomous invocation behavior. It will run a local HTTP server, create and append to local data files (eval_data/*.jsonl, history.jsonl, ~/.openclaw/.env), and the README mentions installing a system service. These behaviors are consistent with a local agent/toolset but do mean the skill will persist data and open network endpoints if you run the server or the install-service script — review those steps and firewall settings before exposing anything publicly. The SKILL.md includes sensible cautions (admin API restricted to localhost, advice to block /api/keys/* via nginx/firewall).
Assessment
This skill appears to do what it says (business-plan evaluation, government program crawlers, RAG, local REST API). Before installing or running it, consider: 1) Secrets: it recommends storing LLM API keys in ~/.openclaw/.env — ensure that file is protected (chmod 600) or keep keys in a secure vault; 2) Local server exposure: by default it runs an HTTP server (port 8400) and includes instructions for ngrok and installing a service — do not expose the server to the public without reviewing server.py, admin endpoints, and adding proper firewall/reverse-proxy protections; 3) Persistence: the skill writes data under eval_data/ and history files and may append to JSONL files; if you are concerned about sensitive PDFs or PII, run it in an isolated environment or container and inspect parse/evaluate scripts first; 4) Review install-service.sh and any systemd/service scripts before using them; 5) Allowed-domain fetch: the crawlers fetch public government sites and the code documents an allowlist for realtime fetches — if you plan to expose the server to third parties, verify the is_allowed_url() logic in server/rag_pipeline to ensure arbitrary outbound fetches are blocked; 6) Test code note: the repo includes test fixtures (conftest.py) that mock authentication for tests — this is normal for tests but ensure you are not running the test harness in production mode. If any of these behaviors are unacceptable, run the skill in a sandbox or review/modify the code before use.
bin/raon-os.js:10
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk977ngsn7y48trx6bnx4gmwbxh83rb54

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3, node
Environment variables
GEMINI_API_KEYoptionalGoogle Gemini API key (recommended for embeddings + LLM)
OPENROUTER_API_KEYoptionalOpenRouter API key (multi-model access)
ANTHROPIC_API_KEYoptionalAnthropic Claude API key
OPENAI_API_KEYoptionalOpenAI API key
KAKAO_CALLBACK_SECREToptionalKakao i OpenBuilder webhook HMAC secret (optional)
RAON_API_URLoptionalManaged API endpoint (optional, for SaaS mode)
RAON_API_KEYoptionalManaged API key (optional, for SaaS mode)

Comments