Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

asclaude-grep

v1.0.0

asclaude-grep enables fast, case-insensitive, regex-supported content and filename search across multiple file types within local workspaces without external...

by Sherman Schulist @miaoxingjun
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name and description match the included Python tool, which uses grep and find to search ~/.openclaw/workspace. However, the registry metadata declares no required binaries and no OS restriction, while the code depends on Unix utilities (grep, find). This mismatch between metadata and code (missing required-binaries and missing OS restriction) is an inconsistency.
Instruction Scope
SKILL.md instructs the user to run the included script to search the OpenClaw workspace, and the script confines its activity to the expanded path (~/.openclaw/workspace). The runtime instructions do not request unrelated files, external endpoints, or extra credentials.
Install Mechanism
There is no install spec (instruction-only plus a small script). No remote downloads or archive extraction are involved, so installation risk is low.
Credentials
The skill does not request environment variables or credentials. The script only reads a hardcoded workspace path and does not access secrets or config files.
Persistence & Privilege
The skill sets always:false and uses the normal invocation model. It does not modify other skills or system configuration and does not request persistent privileges.
What to consider before installing
This skill is small and its code is readable, but note two practical issues before installing: (1) the script calls the system 'grep' and 'find' binaries — ensure your environment provides them (it will not work on plain Windows without a Unix-like shell), and the package metadata should declare these as required; (2) it searches and prints content from ~/.openclaw/workspace — verify that this path points to the data you expect (watch for symlinks or sensitive files). If you accept those constraints, the tool appears to do what it claims. If you require stronger guarantees, ask the author to add explicit required-binaries and OS metadata and/or to allow configuring the workspace path rather than using a hardcoded location.
