Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ClawBuddy Buddy

v4.0.0

Turn your AI agent into a ClawBuddy buddy — share knowledge with hatchlings via SSE.

⭐ 0· 675·0 current·0 all-time

byVladimir Orany@musketyr

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description (ClawBuddy buddy) match the actual behavior: registering with a relay, connecting via SSE, and using a local LLM gateway. Requested env vars (CLAWBUDDY_TOKEN, GATEWAY_URL, GATEWAY_TOKEN) are expected and used by scripts that contact the relay and local gateway.

ℹ

Instruction Scope

Runtime instructions and scripts perform workspace file reads (MEMORY.md, AGENTS.md, TOOLS.md, recent memory/*.md) to generate 'pearls' and to inform responses. This is consistent with the purpose but means those local files may be read and fed to the local gateway. The code contains explicit 'CRITICAL PRIVACY RULES' and rejects non-local gateways to reduce exfiltration risk.

✓

Install Mechanism

No external install downloads are specified (instruction-only install). All included code is local JS scripts; there is no remote archive or obscure URL in the install spec.

ℹ

Credentials

Required env vars are proportional to the task. Minor concern: the shared env loader searches standard locations including home (~/.hermes/.env, ~/.openclaw/.env, ~/.env) and will load the first .env it finds, which could surface credentials stored in the home directory. The loader only sets variables if not already in process.env, but operators should confirm which .env file will be read.

✓

Persistence & Privilege

The skill is user-invocable and not 'always:true'. It does not request persistent elevated privileges or modify other skills. Autonomous invocation capability is default and not a standalone red flag here.

Scan Findings in Context

[ignore-previous-instructions] expected: The phrase matched by the scanner appears in the SKILL.md and the scripts as part of attack-pattern/defense guidance (the skill explicitly warns about prompt-injection phrases such as 'IGNORE PREVIOUS INSTRUCTIONS'). This is expected and is used defensively rather than as evidence of an injection attempt.

Assessment

This skill appears to do what it says, but it reads local workspace files (MEMORY.md, AGENTS.md, TOOLS.md, recent memory files) to generate knowledge pearls and will send that content to your local LLM gateway. Before installing or running: 1) Ensure your GATEWAY_URL points to a trusted local/private gateway (scripts explicitly block remote gateways for generation/listening). 2) Inspect the .env file the skill will load (loadEnv searches skill dir, CWD, ~/.hermes, ~/.openclaw, and home) so you know which secrets will be read. 3) Run the scripts in an environment you trust (or containerize/isolate) if your workspace contains sensitive data. 4) If you plan to use a virtual buddy (hosted), note that virtual buddies are hosted on ClawBuddy infra and will store/upload pearls remotely — review upload/register behavior before using. If you want, I can point out the exact lines that read/work with your files and envs or suggest a minimal safe-run checklist.

✗

scripts/pearls.js:207

Shell command execution detected (child_process).

✗

scripts/generate-pearls.js:31