Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ClawPulse

v0.3.0

Connect your OpenClaw agent to ClawPulse - the community analytics dashboard. Automatically collects and pushes aggregate token stats (no message content) to...

0· 534·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (push aggregate token stats to ClawPulse) aligns with the actions described (collect session stats and send to clawpulse.vercel.app). Required binaries (node, npx) are reasonable for installing/running an npm CLI. However, the registry metadata declares no required credentials while the SKILL.md explicitly requires a GitHub token for authentication, which is an inconsistency between declared needs and actual instructions.
Instruction Scope
The SKILL.md tells the agent to read session data from ~/.openclaw/agents/main/sessions/*.jsonl and to push aggregates externally. It also includes an agent-side path for persisting credentials (~/.clawpulse/config.json) and provides an Option B that programmatically extracts a GitHub token via `gh auth token`. The file reads and credential access are within the general claimed purpose but are sensitive operations; the skill asserts 'no message content is ever collected' but gives no verifiable sampling or sanitization steps, so the claim cannot be audited from these instructions alone.
Install Mechanism
No formal install spec is embedded in the registry, but SKILL.md instructs users to `npm install -g openclaw-pulse`. Installing from the public npm registry is a common pattern (moderate risk); there is a listed npm package and GitHub repo to inspect. There is no download from obscure URLs or extract-from-archive instructions.
Credentials
The skill effectively requires a GitHub token to authenticate pushes, but the registry metadata lists no required environment variables or primary credential. Option B suggests programmatically extracting a token from the `gh` CLI and writing it to disk, which can expose a broad-scoped credential. Requesting/storing a personal GitHub token is sensitive and should be declared explicitly; the current omission is a mismatch and a privacy/privilege concern.
Persistence & Privilege
The skill instructs creating recurring OpenClaw cron jobs to run `clawpulse push --silent` twice daily and persisting a GitHub token under ~/.clawpulse/config.json. While not using always:true, the combination of scheduled autonomous pushes plus stored credentials creates ongoing exfiltration capability if the client or package behaves differently than claimed. This persistence increases risk and warrants review of the package implementation and cron registration steps.
What to consider before installing
Before installing or enabling this skill:
(1) Inspect the source of the npm package and GitHub repo (openclaw-pulse) to confirm exactly which fields are read from your session files and how the data is sanitized before it leaves the machine.
(2) Do NOT allow the agent to auto-extract your existing `gh` CLI token. Prefer the interactive device-flow login (Option A), or create a dedicated GitHub token with the minimal scopes required and rotate it after testing.
(3) Verify that the JSONL session files, as read by the CLI, truly exclude message content and sensitive tool arguments.
(4) Consider running the CLI in an isolated environment or container, and avoid installing it globally until you have audited it.
(5) If you proceed, monitor ~/.clawpulse/config.json and the registered cron jobs, and limit the token's scope and lifetime.
The primary red flags are the undeclared GitHub credential requirement and the persistent scheduled pushes; both should be addressed before trusting this skill with real credentials or production data.


latest: vk97fgds300df695he84hh07sed81g0y3


Runtime requirements

Bins: node, npx
