ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AI Cluster Pre-flight Check

v1.0.1

Pre-flight check for GPU cluster nodes — node validation before training, check cluster node health, is my GPU node ready. 26 health checks covering GPU, PCI...

0· 102·0 current·0 all-time
byXperf Inc.@ops-xperf
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the included scripts: the code implements ~26 local and cross‑node hardware and config checks (GPU, PCIe, RDMA, NUMA, firewall, BIOS, switch, etc.). Required binaries (GPU vendor tools) are appropriate. However the manifest under‑declares other binaries the scripts use (ssh, ip, lspci, ethtool, setpci, dmidecode, ipmitool, docker, etc.), and declares jq as a required binary although the scripts implement JSON formatting without jq. Also the registry marks PREFLIGHT_NODE_ID as the "primary credential" despite it being a harmless node identifier.
!
Instruction Scope
Runtime instructions (run preflight.sh) are explicit and the scripts do many privileged/local inspections: reading /proc/cmdline, /sys entries, lspci, lsmod, setpci, dmidecode, ipmitool, ip/ethtool, and more. Cross‑node checks will attempt SSH to the IPs you provide. The script also runs docker run for vendor test images (nvidia/cuda, rocm/*) which will pull and execute container images from the network. These behaviors are coherent with the stated purpose but amount to network activity and code execution on the host (docker images) and attempts to access low‑level system interfaces that may require root. The SKILL.md does not explicitly warn about pulling/running container images or requiring root privileges for some checks.
Install Mechanism
No install spec — bundled as scripts. That keeps install risk low (no arbitrary archive download during install). Files are present in the skill package, so nothing is fetched during install; however runtime docker actions may fetch images from registries.
Credentials
No sensitive credentials are required. The primaryEnv is PREFLIGHT_NODE_ID which is just an identifier. The skill exposes many optional environment variables (PREFLIGHT_PEER_IPS, SWITCH_HOST, SWITCH_CLI_CMD, SWITCH_USER, etc.) which are relevant to cross‑node and switch checks. Nothing requests unrelated cloud/API credentials. However the registry's labeling of PREFLIGHT_NODE_ID as a "primary credential" is misleading.
Persistence & Privilege
always is false and the skill does not request permanent presence or modify other skills. It can be invoked autonomously (default) which is normal — note this combined with network and docker execution increases operational impact, but autonomy alone is not flagged.
What to consider before installing
This skill appears to do what it claims (local and cross‑node hardware/config checks), but take precautions before running it on production hosts: - Run it in a safe environment first (a non‑production node or an isolated VM) to observe behavior. - Be aware it may require root for full coverage (dmidecode, setpci, ipmitool, reading /dev/mem, etc.). Without root some checks will fail or be skipped. - Cross‑node checks (PREFLIGHT_PEER_IPS) will attempt SSH to the IPs you supply; those are outbound connections from the node. If you set SWITCH_HOST or similar it may attempt SSH to switches. - The script will run docker run with public vendor images (nvidia/cuda, rocm images). That will pull and execute container code from registries — review those image names and ensure pulling external images is acceptable in your environment. - The manifest under‑declares some runtime binaries (ssh, ip, lspci, ethtool, setpci, dmidecode, ipmitool, docker). Ensure required tooling is present and acceptable. - PREFLIGHT_NODE_ID is not a secret; the registry's labeling as a primary credential is misleading. If you want to proceed: review the bundled scripts (they are included), run with PREFLIGHT_PEER_IPS unset (local checks only) and without PREFLIGHT_STRICT first, and consider auditing or removing the docker tests if pulling/executing images is unacceptable in your environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk971f9z6772vtw02cgm3cq8was833jrh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis
OSLinux
Binsbash, jq
Any binnvidia-smi, amd-smi, rocm-smi
Primary envPREFLIGHT_NODE_ID

Comments