Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Pre-installation Security Check
v1.0.1
Pre-installation security assessment for ClawHub skills. Run before any skill install.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (pre-install security check) match the runtime instructions (fetch metadata, score, optionally spawn a sandbox sub-agent and report). However README and SKILL.md claim additional CLI-level enforcement via scripts (scripts/openclaw-security-wrapper.sh and setup-cli-enforcement.sh) that are referenced in documentation but are not present in the shipped file manifest — this mismatch is unexplained and reduces trust.
Instruction Scope
SKILL.md instructs the agent to fetch ClawHub/GitHub metadata, compute risk, and (when appropriate) spawn an isolated sub-agent to run 'openclaw skill install' and grep the installed files for risky patterns. Those actions are within the stated purpose, but two issues stand out: (1) the sub-agent will execute 'openclaw skill install' automatically in sandboxed context — if the parent agent invokes this skill autonomously it may trigger installs inside subagents without obvious user-visible steps; (2) SKILL.md asserts 'Security check cannot be skipped or bypassed', yet the README admits users can bypass via terminal and references wrapper scripts that are not included. The combination of claimed enforcement and missing enforcement artifacts is concerning.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to execute on the host. That minimizes direct installation risk; there are no download URLs or extract operations in the bundle.
Credentials
The skill declares no required environment variables, binaries, or config paths. The sandbox grep looks for references to common credential paths (e.g., ~/.ssh, ~/.aws) but it does not request credentials itself. Requested privileges are therefore proportionate to the stated purpose.
Persistence & Privilege
always:false and disable-model-invocation:false (defaults) are appropriate. However, the skill's ability to spawn sub-agents and run an install workflow means an agent could perform sandbox tests (and in-subagent installs) autonomously if it chooses to invoke this skill — this increases blast radius relative to a purely manual check. The missing CLI wrapper (referenced as preventing bypass) would have introduced more persistence; its absence reduces but does not eliminate risk.
What to consider before installing
This skill appears to implement a reasonable pre-install security workflow, but there are unresolved inconsistencies you should address before trusting it:
1) The README references CLI wrapper/setup scripts to enforce checks, but those scripts are not included — ask the author why and request the wrapper code if you expect CLI-level enforcement.
2) Because the skill can spawn sub-agents and run 'openclaw skill install' inside them, confirm how your agent platform sandboxes sub-agents and whether those sub-agents truly isolate network, credentials, and persistent storage.
3) Review the upstream GitHub repo (the skill will fetch metadata) yourself before approving any automatic install; verify stars, recent commits, and look for the missing scripts.
4) Prefer to run the first few checks manually or in a tightly controlled environment (throwaway account or VM) until you confirm the tool's behavior.
If you plan to allow autonomous invocation, require higher trust (e.g., verified org, included wrapper code, or an explicit manual review) before giving it free rein.
Like a lobster shell, security has layers — review code before you run it.
latest vk972cywbkqjeea4prz2t0ch2hx83vng4
