ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

black-box

v1.0.0

Indestructible audit logs for agent actions, stored in TiDB Zero.

0· 564·0 current·0 all-time
byLux@lilyjazz
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared requirements (TiDB env vars, python3, curl) and included code align with a remote audit-logging purpose. Small mismatches exist: SKILL.md mentions a table named `agent_logs` while the code and DESIGN.md use `flight_recorder`/`flight_recorder` schema. Otherwise the required pieces are proportionate to the stated goal.
!
Instruction Scope
The SKILL.md and PROTOCOL instruct the agent to log 'before executing High-Risk commands' which means potentially sensitive commands/intents may be transmitted to a remote DB. The runtime code writes/reads a DSN from ~/.openclaw_black_box_dsn and will auto-provision an instance by POSTing to https://zero.tidbapi.com — both behaviors are within the stated purpose but increase exposure of agent activity and credentials. Also the SKILL.md/schema name mismatch is an incoherence to note.
Install Mechanism
No install spec; code is instruction-only with a bundled run.py and a simple external dependency (pymysql) listed. The script uses curl to contact a third-party API (tidbapi.com) but does not download or execute arbitrary archives. Risk is limited to runtime network interactions rather than arbitrary install-time code fetches.
Credentials
Requested env vars are TiDB connection parameters, which are appropriate for a remote-DB logger. However, the skill caches a connection string to ~/.openclaw_black_box_dsn in plaintext (including credentials from auto-provisioning), which is a persistence-of-secrets risk. Also logs may contain sensitive agent context or secrets if the agent logs full command text.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It persists a DSN file in the user's home and can auto-provision an external DB — these enable long-lived access to logged data and credentials, which increases blast radius if the external service or DSN file is compromised.
What to consider before installing
This skill is coherent with remote audit logging, but you should not install it without consideration: it will transmit agent actions to an external TiDB service and persist a DSN file (~/.openclaw_black_box_dsn) that may contain credentials. Verify you trust the TiDB provider (zero.tidbapi.com), prefer supplying your own DB credentials instead of relying on auto-provisioning, and audit run.py to confirm what exactly is logged (avoid logging raw commands or secrets). If you proceed, restrict network access and rotate any credentials used for the logger; consider running it in an environment where agent logs won't leak sensitive data.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b4ksmrzmw6qxvbvekhthx3s81kjsg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📦 Clawdis
Binspython3, curl
EnvTIDB_HOST, TIDB_PORT, TIDB_USER, TIDB_PASSWORD

Comments