Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

RTK Rewrite

v0.15.3

RTK rewrite plugin for OpenClaw. Intercepts exec tool calls and delegates rewrites to rtk rewrite to reduce token usage while preserving command intent.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description say it will intercept exec calls and delegate to `rtk rewrite`. The TypeScript hook registers a before_tool_call for toolName === 'exec' and calls `rtk rewrite <cmd>`; config flags match the declared behavior. No unrelated credentials, binaries, or paths are requested by the plugin.
Instruction Scope
SKILL.md and index.ts stay within the claimed scope (intercept exec, call rtk, optionally write audit logs). Notable: the plugin logs original commands to an audit file when audit is enabled, which may record sensitive arguments or secrets. The plugin also replaces and returns the rewritten command for execution — the security of that behavior depends on trusting the `rtk` binary.
Install Mechanism
The skill is instruction-only (no install spec) and requires manual copying into the extensions directory. The README suggests installing `rtk` via Homebrew or a curl | sh installer from a GitHub raw URL; fetching and running remote install scripts is a separate risk (not part of this plugin) that users should evaluate before running.
Credentials
The plugin itself requires no credentials or special env vars. It reads RTK_AUDIT_DIR and HOME for audit log placement, which is reasonable. However, enabling auditing will persist original commands to disk (possible sensitive data), and the plugin delegates functionality to the external `rtk` tool which may require its own credentials or network access — review `rtk`'s own requirements before trusting it.
Persistence & Privilege
The plugin is not always-enabled by default and does not request global privileges. Installation requires copying files into the user's OpenClaw extensions directory and enabling the plugin in config, which is normal for plugins and limited in scope.
Assessment
This plugin appears to do exactly what it claims: intercept exec calls and call your local `rtk rewrite`. Before installing, verify and trust the `rtk` binary you will delegate to (review its source or install method). Avoid enabling audit logging if your commands may contain secrets (or ensure auditDir is a secure local path). Prefer installing RTK from a trusted package manager over piping a remote install script to sh. Test the plugin in a safe environment (verbose mode, with rewriting enabled/disabled) to confirm rewrites are correct and do not change command intent in ways you don't expect.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
index.ts:16: Shell command execution detected (child_process).

Like a lobster shell, security has layers — review code before you run it.
