ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Situation Monitor

v0.1.2

Triages Discord activity and Kubernetes incidents into ranked situation reports with fixture-first demos, live Discord and Apify intake, Contextual-grounded...

0· 65·0 current·0 all-time
by@mohnishb-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to triage Discord and Kubernetes incidents (reasonable), but the bundle actually contains both a Python OpenClaw skill and a Node.js Apify actor, plus a cluster incident trigger script (02-incidents.sh) that runs kubectl and gcloud. The registry metadata only lists bash and python3 as required binaries and declares no env vars, yet the README and docs require many sensitive env vars (REDIS_URL, FRIENDLI_TOKEN, APIFY_TOKEN, APIFY_ACTOR_ID, CONTEXTUAL_API_KEY, CONTEXTUAL_AGENT_ID, KUBECONFIG, DISCORD_BOT_TOKEN, etc.) and Node. That discrepancy is not proportionate to the published requirements.
!
Instruction Scope
SKILL.md and the README instruct the operator/agent to run scripts/mts (bootstraps a Python venv and installs the package), run npm install/node main.js for the Apify actor, upload runbooks to Contextual, and optionally run 02-incidents.sh which intentionally injects failures (OOM, bad image) and can delete a GKE cluster. These instructions reference reading local files (KUBECONFIG, runbooks), calling external services (Apify, GCP, GitHub, FriendliAI, Contextual, Discord), and performing destructive cluster operations — all outside what the registry metadata indicated.
!
Install Mechanism
No formal install spec is published for OpenClaw, yet the repo expects two installation flows: Python package install (handled by scripts/mts) and an npm install for the Apify actor. The metadata didn't declare Node/npm as required, and there's no automated, vetted install step for the Node actor. The lack of a clear, whitelisted install mechanism for the Node actor and its many npm deps increases operational risk.
!
Credentials
The code and docs require multiple sensitive credentials and config paths (API tokens for Apify, Friendli, Contextual, Discord bot token, REDIS_URL, and KUBECONFIG) and expect cluster admin actions via kubectl/gcloud. None of these are declared in the skill's registry metadata. Requesting KUBECONFIG and running kubectl/gcloud is high-privilege and must be explicit; the current omission is disproportionate and risky.
!
Persistence & Privilege
The skill is not marked always:true, but it contains scripts capable of destructive actions (applying deployments that cause OOMs, rolling back, and a destroy command that deletes a GKE cluster). Those actions are part of the demo but could be executed if the agent or an operator runs the script against a real cluster. The skill does not declare or limit required privileges (e.g., recommends 'hackathon-only' cluster but does not enforce it).
What to consider before installing
Before installing or enabling this skill: - Treat it as high-risk until the maintainer clarifies requirements. The published metadata lists only bash and python3, but the repo and docs also require node/npm, kubectl, gcloud, and many sensitive API tokens (Apify, Friendli, Contextual, Redis, Discord). Ask the author to update SKILL metadata to list all required binaries, env vars, and config paths. - Do NOT run demo trigger commands (02-incidents.sh trigger* or destroy) against any real/production cluster. Those scripts intentionally inject failures and can delete a GKE cluster. - If you need to evaluate safely, run the skill in an isolated environment: a disposable hackathon-only cluster and a sandboxed gateway with least-privilege service accounts (KUBECONFIG referencing a limited-access account), and network egress controlled for third-party tokens. - Ensure a formal install step is added (or follow author instructions) that documents npm install for the Apify actor and Python venv creation so dependencies are reproducible and auditable. - Verify who will have access to the listed tokens and whether the OpenClaw host will store them securely; treat REDIS_URL, FRIENDLI_TOKEN, APIFY_TOKEN, CONTEXTUAL_API_KEY, and DISCORD_BOT_TOKEN as sensitive secrets. - If the skill will run in a hosted OpenClaw instance, require an admin review and a configuration checklist: (1) KUBECONFIG points to a non-production, limited account; (2) Node/npm are installed in a controlled environment; (3) required env vars are added intentionally; (4) destructive demo commands are disabled or removed. If the author provides corrected metadata (declare all env vars and binaries), an explicit non-destructive default config, and an install spec for Node, this assessment could move toward 'benign'.
!
main.js:2
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk978rjgqnyanx8h04jy7kg84g983jrg5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsbash, python3

Comments