Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ponddepth Levels

v0.1.1

Leveling overlay for OpenClaw Control UI (badge + XP + daily tip + level list + icons).

Security Scan

  • VirusTotal: Suspicious
  • OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The declared purpose is a UI leveling overlay and the package includes the badge JS and helper tasks to generate metrics — that is coherent. However the package also contains an unmentioned installer helper (skill_install_queue.py) that can run `clawhub install <name>`, and the install script expects an extension directory ($WS/.openclaw/extensions/ponddepth) with files that are not present in the published manifest, which is inconsistent and will cause install-time failures or confusion.
Instruction Scope
SKILL.md instructs users to run the provided install.sh, which copies files into global OpenClaw UI asset paths (/opt/homebrew/...), creates or edits OpenClaw cron jobs, and installs Python helper tasks. The Python tasks read local session logs and memory, run `openclaw`/`clawhub` CLI commands, and write JSON into the UI assets. One task (tasks/companion_metrics.py) has hardcoded /Users/aibaobao paths, which is unexpected and likely erroneous; skill_install_queue.py will attempt to run arbitrary `clawhub install` commands from a queue file. These behaviors go beyond a simple UI overlay and give the skill the ability to inspect local session data and trigger installs; both should be explicitly documented and consented to.
Install Mechanism
There is no remote download; installation is local (copying assets and scripts). That lowers supply-chain download risk. However the install script writes into a global Homebrew prefix and creates cron jobs via the openclaw CLI, so filesystem and persistent modification risk remains. The install.sh also requires that an extension directory exist in the workspace and copies plugin files from it — those files are not present in the package, which is inconsistent.
Credentials
The manifest lists only python3 as a required binary, but the scripts plainly call `openclaw`, `clawhub`, and optionally `jq` — binaries not declared. The tasks run `clawhub whoami` (exposes the clawhub account identity) and `openclaw sessions --all-agents` (reads session/token metrics). The skill_install_queue can run `clawhub install` which will use the user's ClawHub credentials to install other skills. Those capabilities are powerful relative to a UI-only enhancement and should be justified and explicitly requested.
Persistence & Privilege
always:false and normal autonomous invocation settings are fine, but the install writes into the global Control UI assets dir and creates/edits cron jobs via `openclaw cron add/edit`. That creates persistent scheduled tasks that will run the packaged Python scripts. While the cron targets here are limited to metrics/status, persistent code that can execute `clawhub install` (present in the package) increases the blast radius if misused. The package does not request elevated OS privileges explicitly, but it modifies other software's install directories (requires write permission).
What to consider before installing
This package is not obviously malicious, but it includes unexpected capabilities and some sloppy or inconsistent parts. Before installing:

  • Inspect the scripts locally (install.sh, uninstall.sh, and all tasks). Verify you are comfortable with files being copied into your OpenClaw Control UI assets directory, and that you have backups.
  • Note that the package will attempt to create OpenClaw cron jobs that run the included Python scripts. If you do not want scheduled runs, do not allow cron creation (or run the install script but skip the cron commands).
  • Look closely at tasks/skill_install_queue.py: it can run `clawhub install <name>` from a queue file. If you do not want automatic or queued installs, remove or disable this script.
  • Fix or confirm path usage: one script uses hardcoded /Users/aibaobao paths (likely a bug). Ensure the tasks will read only directories you expect (use the OPENCLAW_WORKSPACE and OPENCLAW_UI_ASSETS_DIR overrides when running the installer).
  • Confirm the expected extension files (openclaw.plugin.json, index.ts) are present in the workspace extension dir, or adjust the install script; the install currently expects them but they are not included in the published files.
  • Consider running the install steps in a controlled environment (temporary VM or container) first, or run the install script line by line in a shell to see exactly what it changes.

If you proceed, keep the uninstall script handy and verify the backup created under ~/.openclaw/workspace/_deleted/ before making other changes.
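The review steps above are easy to skip when a skill directory contains a handful of scripts. The following is an added example of a pre-install audit script, not code from the ponddepth-levels package or from ClawHub: it greps a skill's shell and Python sources for the classes of finding the scan report lists (CLI binaries the manifest does not declare, `openclaw cron add/edit` calls, `clawhub install` calls, hardcoded home-directory paths, remote downloads). It assumes the skill keeps its code in `.sh` and `.py` files, does not parse the manifest (the schema is not shown on this page) and instead takes the declared binaries as an argument, and runs its demo against a constructed sample tree whose file contents, including the `openclaw cron add` argument syntax, are made up for illustration.

```shell
#!/usr/bin/env sh
# Pre-install audit for a locally installed ClawHub skill directory.
# Added example; not part of the ponddepth-levels package or of ClawHub.
set -u

# _scan <kind> <file> <extended-regex>
# Prints one line per matching source line: "<kind>\t<file>:<lineno>:<text>".
_scan() {
  local kind="$1" f="$2" re="$3" line
  grep -nE -- "$re" "$f" 2>/dev/null | while IFS= read -r line; do
    printf '%s\t%s:%s\n' "$kind" "$f" "$line"
  done
}

# audit_skill_dir <skill-dir> [declared-binaries]
# declared-binaries is the space-separated list from the manifest, e.g. "python3".
audit_skill_dir() {
  local dir="$1" declared="${2:-}" f bin
  # Only .sh and .py sources are read; paths with spaces are not expected here.
  find "$dir" -type f \( -name '*.sh' -o -name '*.py' \) | sort |
  while IFS= read -r f; do
    for bin in openclaw clawhub jq curl wget npm npx; do
      case " $declared " in *" $bin "*) continue ;; esac
      # Match the bare command name, not path segments such as
      # /opt/.../openclaw/dist or filenames such as clawhub-status.json.
      _scan "undeclared-binary:$bin" "$f" "(^|[^A-Za-z0-9_./-])$bin([^A-Za-z0-9_.-]|\$)"
    done
    # The separator classes accept both the shell form (openclaw cron add)
    # and the Python argv-list form (["openclaw", "cron", "add"]).
    _scan cron-job        "$f" 'openclaw[^A-Za-z0-9_]{1,5}cron[^A-Za-z0-9_]{1,5}(add|edit)'
    _scan skill-install   "$f" 'clawhub[^A-Za-z0-9_]{1,5}install'
    _scan hardcoded-home  "$f" '/(Users|home)/[A-Za-z0-9_.-]+'
    _scan remote-download "$f" '(curl|wget)[[:space:]].*https?://'
  done
}

# Constructed sample skill tree for the demo run. The contents are made up to
# resemble the behaviours the scan report describes; they are not the real
# package files, and the `openclaw cron add` argument syntax is invented.
make_sample_skill() {
  local d
  d=$(mktemp -d)
  mkdir -p "$d/scripts" "$d/tasks"
  cat > "$d/scripts/install.sh" <<'EOF'
#!/usr/bin/env bash
cp assets/ponddepth-badge.js "$OPENCLAW_UI_ASSETS_DIR/"
openclaw cron add "PondDepth companion metrics" "python3 tasks/companion_metrics.py"
EOF
  cat > "$d/tasks/companion_metrics.py" <<'EOF'
import subprocess
SESSIONS_DIR = "/Users/example-user/.openclaw/sessions"  # hardcoded home path
subprocess.run(["openclaw", "sessions", "--all-agents"], check=False)
EOF
  cat > "$d/tasks/skill_install_queue.py" <<'EOF'
import subprocess
for name in open("install-queue.txt"):
    subprocess.run(["clawhub", "install", name.strip()], check=False)
EOF
  printf '%s\n' "$d"
}

# Demo on the constructed sample. Against a real skill you would run, e.g.:
#   audit_skill_dir ~/.openclaw/workspace/skills/ponddepth-levels python3
sample=$(make_sample_skill)
audit_skill_dir "$sample" python3
rm -rf "$sample"
```

Each output line is a lead, not a verdict: a `clawhub install` hit in a README is documentation, the same hit in a task that loops over a queue file is the behaviour the report warns about. Run it with the manifest's declared binaries as the second argument so that only undeclared tools are reported, then open each flagged file at the listed line before deciding whether to run install.sh.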

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

  • 🦞 Clawdis
  • Bins: python3
  • Latest: vk9767czjfs178ygqahh34dahw982ayha
  • 321 downloads · 0 stars · 2 versions
  • Updated 6h ago
  • v0.1.1 · MIT-0

PondDepth Levels (🦞)

A game-like leveling overlay for OpenClaw Control UI.

Quick demo

(Screenshot: PondDepth badge in OpenClaw Control UI)

What you get

  • Top-left PondDepth badge with hover popover
  • XP → Level + progress (reads companion-metrics.json)
  • Daily one-line OpenClaw tip (reads openclaw-tip.json)
  • Level list / XP ranges (hover ?) + current XP highlight
  • i18n (zh/en) + compact skills list layout
  • Level icons (B/F/S × 1..5)
  • Skills install CTA (B2) that checks ClawHub auth status and guides users to run clawhub login

Requirements

  • python3
  • OpenClaw installed via Homebrew (default paths below)

Install

1) Install the skill

clawhub install ponddepth-levels

2) Apply it to Control UI (copies assets into OpenClaw install)

bash ~/.openclaw/workspace/skills/ponddepth-levels/scripts/install.sh

3) Refresh

Open Control UI and hard refresh.

What this modifies (important)

This skill copies files into your local OpenClaw installation:

  • UI assets directory (default):
    • /opt/homebrew/lib/node_modules/openclaw/dist/control-ui/assets
  • Files written/updated:
    • ponddepth-badge.js
    • ponddepth-icons/*.png

A timestamped backup is saved to:

  • ~/.openclaw/workspace/_deleted/ponddepth-install-backups/<timestamp>/

Scheduled jobs (created on install)

The install script creates or updates (best-effort) two OpenClaw cron jobs:

  1. PondDepth ClawHub status (10m)

    • Writes clawhub-status.json for the “Install skills” CTA UX
  2. PondDepth companion metrics (hourly)

    • Generates companion-metrics.json (XP/level)

Configuration (optional)

You can override paths used by the install script:

  • OPENCLAW_WORKSPACE (default: ~/.openclaw/workspace)
  • OPENCLAW_UI_ASSETS_DIR (default: Homebrew OpenClaw Control UI assets dir)

Example:

export OPENCLAW_UI_ASSETS_DIR="/path/to/openclaw/dist/control-ui/assets"
bash ~/.openclaw/workspace/skills/ponddepth-levels/scripts/install.sh

Uninstall

bash ~/.openclaw/workspace/skills/ponddepth-levels/scripts/uninstall.sh

This removes the injected UI assets and (best-effort) restores the most recent backup from:

  • ~/.openclaw/workspace/_deleted/ponddepth-install-backups/

Troubleshooting

  • Nothing shows up: run the install script again, then hard refresh Control UI.
  • Permissions error copying into /opt/homebrew/...: run with a user that has write permission to that Homebrew prefix (or set OPENCLAW_UI_ASSETS_DIR).
  • Icons missing: ensure ponddepth-icons/ exists under the Control UI assets dir.

Notes for maintainers

  • To keep publish size small, this package ships resized PNGs in assets/icons_bin/ and ignores assets/icons_b64/ during publish via .clawhubignore.
