Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ClawHub Skill Explorer

v1.1.0

A ClawHub skill discovery and navigation tool. It helps users quickly find the skills they need, with keyword search and category browsing.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The name and description present this as a discovery/navigation tool, which would normally only need APIs to list and search skills. The bundle, however, contains multiple automation scripts (optimize/publish/upgrade) that modify local config files, attempt to publish the skill, and schedule a nightly optimization run. These self-promotion/self-publishing capabilities are not mentioned in SKILL.md and are out of scope for a pure explorer tool.
Instruction Scope
SKILL.md provides only usage and high-level architecture, but the repository includes scripts that run system commands (curl, clawhub publish), edit files under a specific user's home path, and contain an LLM-driven optimization workflow and a scheduled-nightly plan. The runtime instructions in SKILL.md do not disclose or justify these file-modifying and publish actions, so the actual runtime surface is broader than documented.
Install Mechanism
There is no install spec (instruction-only), which limits automatic code execution on install. However, code files are present in the bundle; installing or running them on the host would execute subprocess commands. The lack of an explicit install step means these scripts will not auto-run on install, but they can be executed by an agent or by a user with command-line access.
Credentials
The package declares no required credentials, but scripts contain a hard-coded ClawHub token and reference absolute user home paths (/Users/sunyanguang/.openclaw/...). Embedding a secret in-repo and relying on user-home-specific paths is disproportionate to a search/browse skill and is unexpected and unsafe.
Persistence & Privilege
The skill is not marked always:true, but repository files (JOURNAL.md, STATE.md, RUNBOOK.md, and scripts) explicitly plan a nightly 2:00am automated optimization/publish job and create or edit files under the user's .openclaw workspace. That implies persistent scheduled activity outside the documented runtime and could lead to repeated automated actions on the host if the scripts are run or scheduled by the user/agent.
Scan Findings in Context
[hardcoded_token_in_code] unexpected: scripts/optimization_script.py contains a hard-coded ClawHub token string (clh_bbGajvH2n5moZ28O8z9n6SF57meUTQ6xGuiYtQ5UX1I). A simple skill-discovery tool should not embed platform credentials in code; credentials should be external and declared.
[writes_absolute_user_paths] unexpected: Multiple scripts reference and write to absolute user-specific paths under /Users/sunyanguang/.openclaw/workspace/custom-skills/... which is surprising for a general-purpose skill and could modify user data/config without clear consent.
What to consider before installing
This package is not clearly malicious, but it contains unexpected automation and an embedded credential. Before installing or running anything:
1) Do not execute untrusted scripts; review each .py file line by line.
2) Remove or rotate the hard-coded token immediately, and treat it as compromised if it has ever been used.
3) Ask the author why the skill needs automated publish/optimization scripts and why credentials are embedded instead of being supplied via environment variables.
4) If you must test it, run it in an isolated sandbox or container and do not grant it access to your real ~/.openclaw workspace or production ClawHub credentials.
5) Consider rejecting the package, or editing it to remove the auto-publish behavior and to require explicit, documented credentials via environment variables, before approving it for use.
