ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

4090ctl

v1.0.0

Remotely manage the 4090 server via SSH to monitor Docker containers, restart services, and check system status.

0· 640·2 current·2 all-time
by@olmmlo-cmd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
Name/description say 'manage 4090 via SSH', which matches the commands in SKILL.md, but the metadata lists no required binaries, env vars, or config paths even though the instructions explicitly use ssh, docker, and refer to ~/.ssh/config and ~/.ssh/4090_key. The skill should have declared at minimum 'ssh' (and likely docker/docker-compose if run locally) and the SSH key/config path.
!
Instruction Scope
Runtime instructions tell the agent to run ssh -F ~/.ssh/config 4090 "..." and reference an IdentityFile path and username. That implicitly requires access to the user's ~/.ssh/config and private key and will cause the agent to read/use those secrets when invoked. The SKILL.md also includes bare docker/docker-compose commands (some prefixed by ssh, some not), which is ambiguous about where they should run and whether local docker access is expected.
Install Mechanism
Instruction-only skill with no install spec — lowest install risk. Nothing will be written to disk by an installer.
!
Credentials
No required environment variables or primary credential are declared, yet the instructions require a private SSH key (IdentityFile) and an SSH config entry for host '4090'. That is effectively a secret/config dependency that is not declared. There are no unrelated credentials requested, but the omission means the agent or user may inadvertently expose sensitive keys.
Persistence & Privilege
Skill is not always-on and does not request persistent system modifications. Autonomous invocation is allowed (platform default); combined with the undeclared key access this increases risk but by itself is not a misconfiguration.
What to consider before installing
This skill will SSH to 192.168.199.17 using your ~/.ssh/config and the private key at ~/.ssh/4090_key (username 'olmmlo') — but it doesn't declare those requirements. Before installing: (1) only install if you trust the skill source and the target server; (2) verify the agent runtime is not permitted to read your ~/.ssh files unless you intend it to; (3) consider requiring the skill to declare required binaries (ssh, docker, docker-compose) and the config/key path explicitly; (4) prefer manual invocation or a restricted runtime for this skill so it cannot autonomously access your SSH key; (5) if you are unsure, test in an isolated environment or add a dedicated key with limited server privileges instead of using a personal key.

Like a lobster shell, security has layers — review code before you run it.

latestvk978w9z39qkdawnaa55v9bpmh181arxb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments