Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Matrix Server Management
v1.0.0
Manage the Tuwunel Matrix Homeserver (register users, create rooms, manage room membership, upload files to media server). Use only for explicit standalone a...
by Monty @montycn
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
Name and description (manage a local Tuwunel/Matrix homeserver: register users, create rooms, send messages, upload media) line up with the concrete curl-based API calls in SKILL.md. Operations target the local Matrix HTTP API at 127.0.0.1:6167, which is coherent for this purpose.
Instruction Scope
SKILL.md instructs the agent to run curl against the local homeserver and to upload files from arbitrary paths — which is consistent with admin tasks — but it explicitly reads several environment variables from the container (HICLAW_MATRIX_DOMAIN, HICLAW_ADMIN_USER, HICLAW_REGISTRATION_TOKEN, HICLAW_MANAGER_PASSWORD). The skill metadata did not declare these as required, so the runtime instructions access secrets/config that are not represented in the declared surface.
Install Mechanism
Instruction-only skill with no install spec and no code files. This minimizes install-time risk (nothing is downloaded or written to disk by an installer).
Credentials
The specific env vars referenced are sensitive but relevant to Matrix admin operations (registration token, admin username/password, domain). The proportionality of the types of secrets is reasonable for the described task, but the package metadata failing to declare them (requires.env / primary credential) is an incoherence and a potential security/operational risk: the skill will attempt to use secrets that were neither documented in the registry nor presented to reviewers.
Persistence & Privilege
The skill is not always-on, does not request system-wide persistence, and does not modify other skills' configuration. It defaults to allowing autonomous invocation (disable-model-invocation: false) which is normal for skills; no additional privilege escalation is requested.
What to consider before installing
This skill appears to be a straightforward local Matrix admin recipe, but it references sensitive container environment variables (HICLAW_MATRIX_DOMAIN, HICLAW_ADMIN_USER, HICLAW_REGISTRATION_TOKEN, HICLAW_MANAGER_PASSWORD) that are not declared in the skill metadata. Before installing or using it:
1) Confirm these env vars exist in the runtime container and that you trust their source;
2) Treat the registration token and admin password as secrets — do not install the skill in an environment where those values are unknown or exposed to untrusted agents;
3) Preferably update the skill metadata to declare required.env (or ask the publisher to) so reviewers and deployers know what credentials are needed;
4) Run the skill only in an isolated environment or with explicit human invocation until you verify behavior;
5) If you did not obtain the skill from a trusted publisher (source unknown/homepage none), consider asking for provenance or a code-backed implementation (not just instructions) before granting it access to live admin credentials.
