ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

WOL

v1.0.2

Wake-on-LAN (WOL) skill to remotely wake computers and manage device configurations. Use when user says: (1) 帮我唤醒XXX电脑 or 唤醒XXX (wake a specific computer by...

0· 365·1 current·1 all-time
by@lroyia
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
Name, description, SKILL.md, and the included scripts/wol.py are coherent: the script reads/writes a local devices YAML, looks up MACs (devices file or ARP), computes broadcast addresses, and sends magic packets — exactly what a Wake-on-LAN tool needs.
Instruction Scope
Runtime instructions only instruct the agent to run the bundled Python script and to avoid revealing full MACs; the script itself performs file I/O (references/devices.yaml), subprocess calls (arp), and network sends. The prohibition on exposing full MACs is reasonable, but the SKILL.md cannot technically prevent an agent from reading the YAML by other means—operations that access the file are necessary for the skill's purpose.
Install Mechanism
No install spec is provided (instruction-only with bundled code). This minimizes third-party downloads; the included Python script is executed from the skill workspace which is expected for a code-backed skill.
Credentials
The skill requests no environment variables or external credentials. Network and local-file access (ARP subprocess, UDP broadcast, read/write devices.yaml) are proportionate to Wake-on-LAN functionality.
!
Persistence & Privilege
The skill is marked always:true in metadata which forces it to be present in all agents. For a skill that can perform network operations and read/write a local devices file, always:true is unnecessary and increases potential blast radius if the skill is invoked autonomously.
What to consider before installing
This skill appears to implement Wake-on-LAN correctly, but you should not install it with always:true enabled. always:true forces the skill into every agent run and increases risk because the skill can run network operations and read/write a local devices file. If you want this functionality, consider: (1) ask the publisher to remove metadata 'always':true so the skill is only user-invocable, (2) review the included scripts/wol.py yourself (it is bundled) for any changes before installing, (3) ensure references/devices.yaml is stored with appropriate filesystem permissions, and (4) run the skill in an environment where UDP broadcasts and arp calls are acceptable. If you cannot review the code, do not enable always:true and restrict the skill to manual invocation only.

Like a lobster shell, security has layers — review code before you run it.

latestvk977wfje5ptp6qhhysg8wtbsgn82n2s1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments