ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Claude Code Enhancement

v1.0.1

基于 Claude Code 架构增强 OpenClaw,实现多 Agent 协作、工具权限控制、结构化记忆和任务工作流管理能力。

0· 52·0 current·0 all-time
by@ntaffffff
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description map to the included modules (coordinator, agent, permission, memory, workflow). No unrelated environment variables or external credentials are requested; the code's filesystem usage (under ~/.openclaw/workspace) and CLI commands align with the stated multi‑agent and memory features.
!
Instruction Scope
SKILL.md contains full runtime instructions that tell the agent to create persistent memory files, spawn agents, and suggests cloning from a GitHub repo. A pre-scan detected unicode control characters in SKILL.md (prompt‑injection pattern). The instructions also reference external resources (GitHub, remote images) which could cause network fetches if followed. The included nlp_parser.py appears truncated/buggy (a call to get_enhancemen is incomplete), so the runtime behavior may be unpredictable.
Install Mechanism
No formal install spec is included (instruction-only install), which reduces automated install risk. However the README/SKILL.md recommend 'clawhub install' or 'git clone' from an external GitHub repo (unknown owner). If a user follows the git clone path they will fetch code from an external source — that is an installation decision the user must make and carries extra risk.
Credentials
The skill requests no credentials or env vars, which is appropriate. It does create and modify files under the user's home (~/.openclaw/workspace/memory and skill config paths) and can delete memory files via clear(). This filesystem access is consistent with a memory/agent system but means it will persist data locally — review what is saved and avoid storing secrets there.
Persistence & Privilege
The skill is not marked always:true and uses the normal autonomous-invocation default. It creates persistent memory files under the user's workspace (expected for its purpose). Note the PermissionSystem supports a BYPASS mode that would allow executing without confirmations — that is a configurable, high‑privilege mode and should be avoided unless you trust the code.
Scan Findings in Context
[unicode-control-chars] unexpected: SKILL.md contains unicode control characters which are commonly used in prompt‑injection or obfuscation. This is not necessary for a normal README/instructions and is suspicious; inspect the raw SKILL.md for invisible characters before trusting the content.
What to consider before installing
What to consider before installing/running: 1) Don't blindly run 'git clone' or any installer pointed at an unknown GitHub repo — prefer reviewing the bundled code first. 2) Inspect SKILL.md and README in a raw/text editor for invisible/unicode control characters (they can hide malicious prompts). 3) Run the code in an isolated/sandbox environment (container or VM) and with a throwaway OpenClaw workspace to observe behavior and file writes. 4) Review and lock down the permission configuration (avoid enabling BYPASS mode). 5) Back up any existing ~/.openclaw workspace first; the memory system will create and delete files there. 6) Be aware nlp_parser.py contains a probable bug/truncation which may cause exceptions or unexpected fallbacks — consider running static checks and tests before using with real data. 7) If you need network installs, prefer known release sources (official GitHub releases or vetted packages) and verify their integrity.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f8v4f52tcgk01m1m1bpg9h1845rnf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments