Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Kannaka Radio
v3.0.0
Ghost radio station v3 — modular server architecture (13 modules), SPA with Ghost Vision visualizer (SGA/Fano glyph system), NATS swarm integration with Kura...
by Nick Flach (@nickflach)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The README/SKILL.md describe a Node server under server/index.js and many features (Flux, Replicate, ElevenLabs, NATS, kannaka-memory). The packaged files do not include server/ (server/index.js is referenced but not present in the bundle reviewed), which is a substantial omission. Metadata contains formatting glitches (registry shows Required binaries as "[object Object]") and the ownerId in the header differs from _meta.json. Declared optional envs and dependencies (Flux/Replicate/ElevenLabs) align with the described capabilities, but the missing server code and metadata mismatches are incoherent with the claimed full-featured implementation.
Instruction Scope
The runtime instructions and scripts instruct running node server/index.js and use the CLI wrapper scripts/radio.sh that: (a) compute RADIO_DIR by ascending three levels, which can resolve outside the skill directory and cause reads/writes/execs in parent paths; (b) call curl, python3 and jq even though those are not declared required binaries; (c) reference external services and data exfil points (Flux publish, Replicate API, ElevenLabs, NATS) when tokens are set; (d) recommend running setup scripts that copy files from user Downloads. Reading/writing music files and publishing perceptual vectors is expected, but the script's path math and undeclared tool usage broaden its scope beyond the skill folder and increase risk.
Install Mechanism
This is instruction-only with an npm install step (declared in SKILL.md). There are no archive downloads or unusual installers in the package. npm install will run in the skill directory and pull Node deps; that is proportionate for a Node server. However, because server/index.js is not included here, running npm install alone may be insufficient or may be intended to run in a larger repository layout — another sign to verify the full source before running install.
Credentials
No required env vars are declared, and optional env vars (FLUX_TOKEN, REPLICATE_API_TOKEN, ELEVENLABS_API_KEY, KANNAKA_BIN) align with optional remote features. That is proportionate in principle. Concerns: the default KANNAKA_BIN points at ../kannaka-memory/target/release/kannaka.exe (a path outside the skill), which implies the skill expects sibling repositories or can interact with files outside its folder. Multiple powerful API tokens could allow remote publishing/exfiltration if set — this is expected for features but requires user caution.
Persistence & Privilege
The skill does not request 'always: true' and model invocation/autonomy flags are default. It writes a PID file and starts a Node server; those are normal. However, because RADIO_DIR is computed by moving up three directories, the PID file and server processes may be launched relative to a parent directory (not strictly the skill folder), giving the skill implicit ability to create files outside its own directory. No evidence it modifies other skills' configs, but the path calculation is a privilege concern and should be fixed/verified.
What to consider before installing
Do not run this skill as-is without further checks. Specific recommendations:
- Verify the presence and contents of server/index.js and the full server code (not included in the provided bundle). If server code is missing, obtain the canonical repository and inspect it before running.
- Inspect server/index.js and any modules for network calls, auth handling, and exec/file operations. Pay attention to places that publish to Flux, call Replicate/ElevenLabs, or invoke the kannaka binary.
- The CLI script computes RADIO_DIR by ascending three levels; confirm that when installed in your environment RADIO_DIR resolves to the intended skill directory and not to an unrelated parent (otherwise it can read/write outside the skill). Consider running inside a container or dedicated user account until verified.
- Do not set FLUX_TOKEN, REPLICATE_API_TOKEN, or ELEVENLABS_API_KEY unless you trust the code; these tokens enable remote publishing and paid API usage.
- Be cautious with the provided setup.ps1 (it copies from Downloads). Back up and review any files it touches before executing.
- Ensure you have expected tools on PATH (node, curl, python3, jq) or adjust scripts; the script uses binaries that are not declared as required.
- If you are unsure, run the skill in an isolated VM/container and monitor network activity and file writes, or request the upstream repository/source for a full audit.
Like a lobster shell, security has layers — review code before you run it.
latest: vk971xgd9nhmtymw97sfbgvb0g183adkk
Runtime requirements
Bins: [object Object]
