PCAP Analyzer
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: pcap-analyzer
Version: 0.1.0

The skill is classified as suspicious due to its critical reliance on an external, unprovided script located at a hardcoded path (`/home/tom/openclaw-tools/pcap_summary.sh`). This dependency is explicitly stated in `SKILL.md` (as a required file), `scripts/analyze.sh` (as the preferred execution path), and `skill.yaml` (as the primary command). The actual behavior of the skill is unknown and entirely dependent on this external script, posing a significant supply chain risk and potential for arbitrary code execution if the external script is malicious or vulnerable to input injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Invoking the skill may run local code that was not included in the reviewed package; results and side effects depend on whatever script exists at that path.
The skill's runnable command executes a developer-specific absolute-path helper outside the packaged files instead of the included scripts/analyze.sh. That helper is not included in the artifacts, so its behavior cannot be reviewed even though it is the primary execution path.
    command:
      run: /home/tom/openclaw-tools/pcap_summary.sh {{pcap_path}}

Package and review the helper script, or change the command to use the bundled scripts/analyze.sh. Declare required binaries/files in registry metadata and avoid user-specific absolute paths.
A malformed or adversarial PCAP path could cause unintended arguments or commands to be processed, depending on the runner's execution semantics.
The user-supplied file path is inserted into a command string without visible quoting or argv separation. If the command runner invokes this through a shell, paths containing spaces or shell metacharacters could be split or interpreted unexpectedly.
      run: /home/tom/openclaw-tools/pcap_summary.sh {{pcap_path}}
    inputs:
      - name: pcap_path
        description: Full path to the PCAP file

Pass the PCAP path as a safely separated argument, quote or escape it explicitly, validate that it points to a .pcap/.pcapng file, and prefer the bundled wrapper that quotes "$PCAP".
