Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Pc Assistant Fixed
v1.0.0PC healthcheck and diagnostics with detailed system information and actionable recommendations. Works on Windows, macOS, and Linux. Read-only system diagnost...
⭐ 0· 113·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description promise cross-platform (Windows, macOS, Linux) diagnostics, but the provided repository only contains a Linux Bash healthcheck plus wrapper/scheduler. install.yaml and SKILL.md reference healthcheck.command (macOS) and healthcheck.ps1 (Windows) but those files are not present in the manifest — that is an inconsistency in claimed capability vs. delivered files.
Instruction Scope
The runtime instructions and scripts perform broad read-only system collection (hostname, /proc, lsblk, ip/ss, package lists, Docker, GPU, SMART, /var/log/auth.log, and snippets of ~/.ssh/authorized_keys and known_hosts). These actions are consistent with a diagnostics tool but will capture sensitive information (SSH key contents, failed-login lines, installed packages and user lists). The instructions do not attempt network exfiltration, but they do instruct writing timestamped reports to disk which could leak data if stored in world-readable locations.
Install Mechanism
There is no download-from-URL or binary installer; the skill is instruction/script-based and includes an install.yaml describing intended install paths. No remote fetches or archive extracts are present in the provided files — low install risk. Note: the manifest suggests files will be installed under an npm-global path, but no automated installer is included.
Credentials
The skill requests no credentials or special environment variables by default. It does use/mention configurable env vars (PC_ASSISTANT_OUTPUT_DIR, PC_ASSISTANT_CLEANUP, etc.) which are proportionate. However, the script reads sensitive files (SSH authorized_keys, known_hosts, /var/log/auth.log, user directories and program files under WSL) — this access is explainable for a healthcheck but is sensitive and should be explicitly accepted by the user before running or scheduling.
Persistence & Privilege
always is false and the skill does not request privileged permanent presence. The scheduler will create and optionally delete files in the configured output directory; cleanup is opt-in (PC_ASSISTANT_CLEANUP). The skill does not modify other skills or system-wide agent configuration.
What to consider before installing
This skill appears to be a legitimate Linux system healthcheck script, but before installing or scheduling it you should: (1) note the manifest and docs claim macOS/Windows support even though those platform scripts are not included — ask the author for the missing files or treat it as Linux-only; (2) review the healthcheck.sh yourself (it is included) and confirm you're comfortable with it reading files such as ~/.ssh/authorized_keys, ~/.ssh/known_hosts, /var/log/auth.log, and installed-package lists — these will appear in the generated reports; (3) run it as your regular (non-root) user and in a safe environment first (or inside a VM/container) to inspect outputs; (4) set PC_ASSISTANT_OUTPUT_DIR to a private directory with appropriate permissions and do not store reports in world-readable locations; (5) avoid scheduling until you confirm the script's behavior and the location/rotation/cleanup policy; and (6) if you expect true cross-platform support, request the missing macOS/Windows scripts or choose a different skill packaged for those OSes.Like a lobster shell, security has layers — review code before you run it.
latestvk972ha8nh00zc99ca07kzxewrn834n6g
License
MIT-0
Free to use, modify, and redistribute. No attribution required.