Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Security Scanner

v1.0.0

Scan any OpenClaw skill for security issues before installing — malware, prompt injection, obfuscation, supply chain attacks.

by Blossom@mackding
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description match the included instructions and helper script: this is a scanner that analyzes skill directories. However, the shipped wrapper imports @claws-shield/scanner and the README suggests using npx @claws-shield/cli — the package that actually performs the scanning is external and is neither included in the skill nor declared in its metadata, which is a provenance inconsistency.
Instruction Scope
SKILL.md only instructs running the scanner against a provided skill path and lists the expected output. That scope is appropriate for a scanner. But a scanner necessarily reads arbitrary files in the target skill (including .env, config, and other sensitive files) — this behavior is expected but should be highlighted. Also, the recommended invocation (npx) fetches and runs remote code at runtime, which expands the execution surface beyond the local files shown.
Install Mechanism
There is no install spec and the skill is effectively instruction-only, but scripts/run-scan.mjs imports @claws-shield/scanner and SKILL.md recommends npx @claws-shield/cli. That implies fetching code from the npm registry at runtime. Because no registry package, homepage, or repo is provided in the skill metadata, this creates a supply-chain and provenance risk: the actual scanning logic could be arbitrary remote code.
Credentials
The skill declares no environment variables or credentials, which is proportionate. However, scanners read entire skill directories and may therefore access sensitive files (env samples, secret keys, tokens) within the target — this is expected, but you should be aware the tool will see those secrets during a scan.
Persistence & Privilege
The skill is user-invocable, not always-enabled, and does not request persistent privileges or configuration changes. It does not claim to write system-wide settings or modify other skills.
What to consider before installing
This skill mostly does what it says, but the actual scanner logic is external (@claws-shield/scanner / @claws-shield/cli) and not included or documented in the metadata — that creates supply-chain risk. Before installing or running:
1) Inspect the npm packages (@claws-shield/cli and @claws-shield/scanner): verify the package owner, homepage/repo, and recent publishing history, and review the code or the release tarball checksum.
2) Prefer a vendorized or pinned install spec (provide the scanner code inside the skill or a verified release URL) rather than running npx on an unknown package.
3) Run any scans in an isolated environment (sandbox/VM) and avoid scanning directories that contain production secrets unless you trust the scanner.
4) Ask the publisher for provenance (source repo, signed releases, contact) and for an explicit install spec.
If you cannot verify the external scanner package, treat running this skill as equivalent to executing unreviewed remote code.

Like a lobster shell, security has layers — review code before you run it.

latest: vk970hb2da4rwh20fs1ymy5n7y5841776

