PCAP Analyzer
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Invoking the skill may run local code that was not included in the reviewed package; results and side effects depend on whatever script exists at that path.
The skill's runnable command executes a developer-specific absolute-path helper outside the packaged files instead of the included scripts/analyze.sh. That helper is not included in the artifacts, so its behavior cannot be reviewed even though it is the primary execution path.
command:\n run: /home/tom/openclaw-tools/pcap_summary.sh {{pcap_path}}Package and review the helper script, or change the command to use the bundled scripts/analyze.sh. Declare required binaries/files in registry metadata and avoid user-specific absolute paths.
A malformed or adversarial PCAP path could cause unintended arguments or commands to be processed, depending on the runner's execution semantics.
The user-supplied file path is inserted into a command string without visible quoting or argv separation. If the command runner invokes this through a shell, paths containing spaces or shell metacharacters could be split or interpreted unexpectedly.
run: /home/tom/openclaw-tools/pcap_summary.sh {{pcap_path}}\ninputs:\n - name: pcap_path\n description: Full path to the PCAP filePass the PCAP path as a safely separated argument, quote or escape it explicitly, validate that it points to a .pcap/.pcapng file, and prefer the bundled wrapper that quotes "$PCAP".