ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Bridge

v1.0.0

Send messages to a local OpenClaw/Rook gateway and receive responses directly from Claude Code. Enables bidirectional agent-to-agent communication via the `o...

0· 51·0 current·0 all-time
by@nerua1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's purpose (send messages to a local OpenClaw gateway via the openclaw CLI) is coherent with the SKILL.md. However the registry metadata lists no required binaries while SKILL.md explicitly requires the openclaw CLI in PATH — a mismatch between declared requirements and runtime instructions.
!
Instruction Scope
Runtime instructions tell the agent to run shell commands embedding user messages (e.g., openclaw agent --message "<message>") and to write/read temporary or shared files (e.g., cat /path/to/.continue-here.md). That gives the skill authority to access arbitrary user files referenced for handoff and raises a command-injection risk if messages are interpolated into shell without proper escaping. The SKILL.md also notes the CLI reads ~/.openclaw/openclaw.json for an auth token (the agent does not read it directly, but invoking the CLI will).
Install Mechanism
This is instruction-only (no automated install spec), which is lower-risk. The README suggests installing the skill by cloning a GitHub repo (git clone https://github.com/nerua1/openclaw-bridge), which is typical but requires you to trust that repository before running any code from it.
Credentials
No environment variables are requested by the registry, which is consistent with relying on the local openclaw CLI. However, the CLI will access a local auth token at ~/.openclaw/openclaw.json; you should verify what that token can do and whether invoking the CLI will forward data elsewhere. The skill does not request unrelated credentials.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does not claim to modify other skills or system-wide settings.
What to consider before installing
Before installing or enabling this skill: 1) Confirm you have and trust a local openclaw gateway/CLI — SKILL.md expects openclaw in PATH even though the registry metadata didn't list it. 2) Be aware the skill will cause the CLI to access ~/.openclaw/openclaw.json (check what that token permits). 3) The agent may read/write files you point it at for handoff — avoid referencing sensitive files. 4) There is a shell-command interpolation risk: ensure the implementation passes messages safely (as argv) or escapes user content to avoid command injection. 5) If you follow the README's git clone step, inspect the repo before running code. If you need higher confidence, ask the publisher for (a) an explicit required-binaries entry listing openclaw, (b) a note on how messages are passed to the CLI (argv vs raw shell interpolation), and (c) confirmation about any network endpoints the local gateway might forward messages to.

Like a lobster shell, security has layers — review code before you run it.

latestvk9747nngq4jmpkq78nfzezec6584qfwb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments