ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

test

v0.0.1

Performs a two-phase audit with a fast structural scan and a detailed expert review focusing on security, cron jobs, config, and skill quality.

0· 45·0 current·0 all-time
by@merlinrabens·duplicate of @merlinrabens/clawcheck
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and SKILL.md implement a local audit (security, cron, config, skills) that aligns with the description. However there are several metadata mismatches: the registry lists the skill as 'test' (slug 'clawhealth', version 0.0.1) while the packaged files are for 'clawcheck' (_meta.json name 'clawcheck', version 2.0.0, SKILL.md name 'clawcheck'). SKILL.md and _meta.json declare a python3 requirement but the registry metadata lists no required binaries/env. These provenance/version inconsistencies are unexplained and worth verifying with the publisher before trusting the package.
Instruction Scope
The runtime instructions and scripts explicitly read local OpenClaw state (e.g., ~/.openclaw/openclaw.json, cron/jobs.json, workspace/*) and other skills' SKILL.md files. That is coherent with an audit tool, but Phase 2 (LLM deep review) will cause the agent to read and evaluate possibly sensitive files (including files that may contain secrets). The instructions do not instruct the agent to exfiltrate data externally, but by design Phase 2 will send content to whatever model the agent uses — confirm you are comfortable with sending the inspected content to your model provider.
Install Mechanism
No install spec is provided (no arbitrary downloads). The package includes a local Python script using only the standard library. That lowers install risk — nothing is automatically written to disk beyond the files included in the skill bundle. The README asserts no network access and the script appears to use local filesystem only.
Credentials
The skill requests no credentials or environment variables in registry metadata. The SKILL.md/_meta.json declare only a binary requirement (python3). The audit script scans for secrets but does not require any secret or external API key to run. This is proportionate for an offline audit tool.
Persistence & Privilege
The skill is not forced-always (always: false) and allows user invocation. It does not request persistent platform privileges and the included script performs reads and analysis only; there are no obvious writes or modifications to system/agent configuration in the provided code. Autonomous invocation is permitted by default but not unusually privileged here.
What to consider before installing
What to check before installing/running: - Confirm provenance: the package files identify themselves as 'clawcheck' (version 2.0.0) while registry metadata calls it 'test' / slug 'clawhealth' (v0.0.1). Ask the publisher which is correct or prefer an official source (homepage/GitHub) before trusting it. - Review the included scripts locally (scripts/audit.py) before execution. The script scans your OpenClaw directory (~/.openclaw), cron jobs, and workspace files and will read any files it finds — this is expected, but verify you want those files read. - Run Phase 1 (the deterministic scan) first; it is local and quick. Inspect Phase 1 output and any flagged files for true/false positives before running Phase 2 (LLM deep review), because Phase 2 will involve sending flagged content to your selected model and that may leak sensitive data to the model provider. - Back up ~/.openclaw/openclaw.json (or any state files) before running anything that analyzes your config, and ensure no unintentional tokens are present in files you don’t want shared. - If you want stronger assurance, ask the publisher for a verifiable release (signed or hosted on a public repo) and for the rationale behind the metadata/version mismatch. Bottom line: the tool appears to do what it claims, but metadata/provenance inconsistencies and the fact Phase 2 will expose file contents to your agent/model are reasons to proceed cautiously.

Like a lobster shell, security has layers — review code before you run it.

latestvk9788prvg4dam55c0ntybmat3h83j5jv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments