ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Threat Radar

v1.0.0

Continuously scans Docker images, dependencies, network ports, SSL/TLS, and OpenClaw config for CVEs; alerts via WhatsApp, Telegram, or Discord.

0· 429·0 current·0 all-time
by@mariusfit
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The description promises alerting via WhatsApp/Telegram/Discord and automatic CVE feeds from NVD/GitHub, but the package declares no required credentials or webhook URLs and the bundled code uses a mocked local CVE dataset rather than pulling live feeds. Also SKILL.md shows a CLI with commands like `threat-radar cron-install`, but no install mechanism is provided to expose a `threat-radar` executable. These are inconsistencies between stated capabilities and what is requested/installed.
!
Instruction Scope
SKILL.md and the code instruct the agent to scan Docker images, filesystem dependency files, local network ports, SSL/TLS endpoints and OpenClaw configuration. Those actions legitimately require local file and network access and the code will create config/db files under ~/.openclaw/workspace/monitoring/threat-radar. This is consistent with a scanner, but it also means the skill will read potentially sensitive local files (OpenClaw credential files, package manifests) and perform network scans — SKILL.md does not clearly enumerate what local data will be read or require explicit consent, which is scope creep for users who expect minimal access.
!
Install Mechanism
There is no install spec even though SKILL.md advertises a CLI (threat-radar) and management commands like cron-install. The skill includes a Python file but no guidance on how it becomes a system command or how cron-install is implemented. Lack of an install procedure is an incoherence — either the agent must run the script directly, or the skill should provide a safe, explicit install step; neither is present.
!
Credentials
The skill requests no environment variables or credentials, yet promises to send alerts via WhatsApp/Telegram/Discord — integrations that normally require webhook URLs, tokens, or phone credentials. The absence of declared credentials is disproportionate to the alerting capability described. The skill will also create and write config, DB, logs under the user's home directory which could contain sensitive data; the SKILL.md and manifest do not declare or justify this access.
Persistence & Privilege
The skill is not force-installed (always:false) and model invocation is allowed (default). However, SKILL.md exposes a `cron-install` command and the code writes persistent config (db, cve cache, history, logs) into the user's workspace. Scheduled scans (cron) would give the skill ongoing presence and periodic network/file access; because no install spec details what cron-install does, this persistence is notable and should be reviewed before enabling.
What to consider before installing
What to consider before installing: - Ask the publisher for a homepage/source and documentation that explains how alerts are delivered (what webhook/tokens are required) and where they are stored. The skill promises WhatsApp/Telegram/Discord alerts but declares no credentials — do not assume alerts are configured automatically. - Review the remainder of threat_radar.py (the parts not shown) to confirm how it sends notifications and what network endpoints it calls. Look specifically for any hard-coded endpoints, webhook URLs, or obfuscated network calls. - Confirm what `cron-install` modifies: ask for the exact code or commands it runs. Prefer to run scans ad-hoc first rather than enabling scheduled tasks system-wide. - Because the scanner reads package manifests, Docker images, and OpenClaw config and writes logs/DB under ~/.openclaw, run it in a restricted test environment (or container) first to verify behavior and avoid exposing production credentials or sensitive files. - If you want to use alerting channels, require explicit configuration: webhook URLs or tokens should be set by you and documented; do not provide any broad credentials (SSH keys, cloud keys) unless absolutely necessary and justified. - If the publisher cannot provide source/installation clarity or the code that performs notifications, treat this skill as untrusted. What would change this assessment: seeing the full source for notification/cron-install code (showing it only uses user-supplied webhook URLs and documents cron changes), or a clear install spec that safely registers the CLI and documents required credentials would reduce the concerns.

Like a lobster shell, security has layers — review code before you run it.

latestvk971z63tx23bks0smqhs4fe9hn81rnpk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments