Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Crab

v0.1.2

Crab Catch is a Web3 research skill that automatically collects and organizes project data and potential risks from social media, websites, code, and on-chai...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The skill's stated purpose (Web3 research) matches the provided modules (social, GitHub, on‑chain, website crawling). However the runtime requires generating and persisting a signing key and sending all data/queries to a single external API host (https://crab-skill.opsat.io). The registry metadata declares no required config paths or credentials, yet the skill writes credentials to ~/.config/crab/credentials.json and expects the agent to use them — this mismatch between claimed requirements and actual behavior is concerning.
Instruction Scope
SKILL.md explicitly instructs the agent to run local Node scripts (scripts/crab-sign.js) at session start and to install and use a global CLI (agent-browser). crab-sign.js auto‑generates credentials, caches headers, and the orchestration instructs sending user inputs (URLs, addresses, tweets) to the remote API. The instructions therefore (a) perform persistent file writes under the user's home directory, (b) install third‑party software, and (c) transmit user-supplied research inputs to an external server — actions broader than a passive 'instruction-only' skill and not documented in the skill metadata.
Install Mechanism
There is no formal install spec in the registry, but SKILL.md tells the agent to run `npm install -g agent-browser` and `agent-browser install` if the CLI is missing. That causes an out‑of‑band global npm install (network fetch from npm) and potentially additional downloads via agent-browser. The code files themselves are local and run with Node, but the implicit installation of agent-browser is an unreviewed network install requested at runtime — a moderate to high install risk if done automatically.
Credentials
The skill declares no required env vars or config paths, yet the included scripts write and read a persistent credential file at ~/.config/crab/credentials.json (scripts/crab-sign.js and scripts/crab_auth.js). That file contains a generated private key (PEM) used to sign requests to crab-skill.opsat.io. Persisting a private key under the user's home without declaring it is disproportionate to the metadata and creates sensitive local state that could be misused or targeted.
Persistence & Privilege
always:false (good), but the skill intentionally creates persistent credentials (private key + cached headers) in the user's home directory and expects reuse across sessions. While local credential storage can be reasonable for authenticated APIs, the skill did not declare this persistence and the remote API host is not documented in the registry homepage. Persistent signing keys plus autonomous agent invocation increase blast radius if the external service or the key is abused.
What to consider before installing
Before installing or running this skill, consider the following:
(1) The SKILL instructs you to run Node scripts that generate and save a private key and cached headers at ~/.config/crab/credentials.json; this is sensitive data stored on your machine.
(2) The skill sends your research inputs (URLs, addresses, tweets, repo links) to https://crab-skill.opsat.io using those signatures. Verify and trust that external host before sending any confidential or identifying inputs.
(3) The SKILL asks to run `npm install -g agent-browser` at session start (an automatic global npm install). Prefer installing and reviewing the agent-browser package manually in a sandbox before allowing the agent to run it.
(4) If you intend to use the skill, inspect scripts/crab-sign.js and scripts/crab_auth.js yourself (they are included) and consider running them in an isolated environment or container; do not run them as root.
(5) Ask the publisher for clarification: why is a persistent private key needed, why isn't the config path declared in the metadata, and what is the privacy/retention policy for crab-skill.opsat.io?
If you cannot validate the remote service and its purpose, do not install or run the automatic install commands, and avoid sending sensitive inputs.
