Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sysclaw Ops

v1.6.2

SysClaw operator skill for processing agent requests and managing the cross-agent communication system. Use when SysClaw needs to check for pending agent req...

by Morten Bojer @mbojer
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The skill's stated purpose (server-side SysClaw operator) reasonably requires DB credentials and a Telegram token; the SKILL.md explicitly lists SYSCLAW_DB_* and a Telegram bot token. However the registry metadata declares no required env vars or primary credential — a clear mismatch. The SKILL.md also describes capabilities beyond simple notification handling (executing approved requests such as installs, config edits, restarts) that imply SSH or elevated system privileges; those access needs are not declared in the registry.
! Instruction Scope
SKILL.md instructs the agent to read/write multiple DB tables, process verdicts, write security assessments, and (when approving requests) execute actions on infrastructure. It assumes the agent session has access to SSH and DB tools and describes creating an OpenClaw cron job. This grants the runtime the ability to execute arbitrary commands on hosts based on DB records/payloads — a high-impact operation. The docs also contain inconsistent terminology (resolvers/escalation fields referencing 'virus' in places), suggesting sloppy editing and potential hidden assumptions.
Install Mechanism
Instruction-only skill with no install spec and no code files reduces surface area for supply-chain installs. No downloads or package installs are requested by the skill itself.
! Credentials
SKILL.md requests a full set of DB credentials (host, port, db name, user, password) and a Telegram token; it also requires DB privileges that include UPDATE on verdict/status columns and INSERT on notifications — significant write privileges. The registry metadata, however, lists no required env vars, so callers would not be warned about providing these secrets. The SKILL.md also implies need for SSH/session access but does not declare how keys/credentials are supplied or limited. The combination (DB write + potential remote command execution + messaging token) is high privilege and should be justified and constrained.
Persistence & Privilege
always:false (normal), but the skill documents creating an OpenClaw cron job that will run periodically with access to DB and SSH tools. Periodic autonomous runs plus broad execution power increase the blast radius even though 'always' isn't set. Verify who can create/approve such cron jobs and whether the cron job will run with least privilege.
What to consider before installing
Do not enable this skill in production until you confirm the missing pieces and harden privileges. Specific checks:
(1) Ask the publisher why registry metadata declares no required env vars while SKILL.md requires DB creds and a Telegram token.
(2) Require a dedicated DB role with the minimal GRANTS listed, verify those grants in your DB, and ensure the role cannot run arbitrary SQL beyond the intended updates.
(3) Confirm how SSH/command execution is performed — prefer ephemeral jump-host sessions or human-approved runbooks rather than automatic execution based on DB payloads.
(4) Require OpenClaw cron job creation to be approved by an operator and limit its session capabilities.
(5) Verify secure storage/rotation of the Telegram token and that escalations require human approval for high-risk actions.
(6) Ask for the concrete implementation (code or agent session policy) to audit parameterized queries, input validation (avoid executing commands derived from untrusted payloads), and logging/immutable audit trails.
The presence of leftover 'virus' strings and metadata mismatches is a quality signal — request publisher clarification before trusting the skill.

Like a lobster shell, security has layers — review code before you run it.
