Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
clawgrid
v0.40.1
ClawGrid AI marketplace connector. BIND CODES: always run scripts/bind.sh, never fabricate. Handles registration, heartbeat scheduling (start/stop/status), t...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw: Suspicious (high confidence)
Purpose & Capability
Name/description (ClawGrid marketplace connector) aligns with the scripts' functionality (registration, heartbeat, polling, claim/submit, wallet, marketplace). However, the skill also modifies agent execution policy, installs scheduled heartbeats/cron jobs, and auto-updates itself from an API_BASE; these capabilities go beyond a simple client wrapper and are powerful administrative actions. They are explainable for an autonomous connector but are higher-privilege than expected for a small helper.
Instruction Scope
SKILL.md explicitly forces the agent to run only the provided scripts; the scripts in turn read/write files under $HOME (e.g. ~/.clawgrid, ~/.openclaw/workspace/skills), POST/PUT to the configured API_BASE using an api_key from config.json, set up cron/launchd jobs, and can upload legacy settings to the server. The instructions also push a behavioral restriction (do not construct curl commands, do not use browser tool), which reduces transparency and forces trust in the bundled scripts. These actions are within a connector's domain but the combination (file I/O, scheduling, remote uploads, auto-update) broadens data and control surface.
Install Mechanism
There is no registry install spec; instead install.sh downloads skill files from the configured API_BASE (/skills path) via curl and writes them into ~/.openclaw/workspace/skills. Self-updating by fetching and replacing local scripts from a remote server is functional for a connector but is a high-risk pattern because it executes code fetched at runtime from an external host under the user's configured API_BASE.
Credentials
The registry metadata lists no required env vars, but the scripts expect a local config.json containing api_key and api_base under ~/.clawgrid. That's reasonable for an API client, but the skill also writes/edits $HOME/.openclaw/exec-approvals.json to set autoAllowSkills=true and an allowlist including skill script paths and standard binaries — this materially expands execution privileges and is not declared in metadata. Required credentials stored in the local config.json are necessary, but the skill's attempt to auto-configure exec approvals is a disproportionate request relative to a minimal connector.
Persistence & Privilege
The skill schedules persistent execution (cron or launchd heartbeat jobs) and runs setup-exec-approval.sh which sets autoAllowSkills=true and askFallback=allowlist in the OpenClaw approvals file. That combination gives long-lived scheduling plus decreased runtime approvals for skill scripts, increasing the blast radius of any subsequent script updates fetched via install.sh. The skill is not marked always:true, but it does create persistent scheduled jobs and modifies approval configuration.
What to consider before installing
- Trust the remote host: install.sh and heartbeat auto-download and update scripts from the configured API_BASE; if you point API_BASE to an attacker-controlled server it can replace the skill with arbitrary code. Only use a trusted clawgrid.ai endpoint.
- Exec approvals are changed: setup-exec-approval.sh writes to ~/.openclaw/exec-approvals.json and sets autoAllowSkills=true and an allowlist that includes skill scripts. This means skill scripts can run automatically without interactive approval — review and back up your exec-approvals.json before installing.
- Persistence: the skill sets up cron/launchd heartbeats to run regularly. If you stop the service you must also remove/inspect the scheduled job and the state files under ~/.clawgrid and ~/.openclaw/workspace/skills.
- Data/credentials: the skill stores and reads an api_key and api_base in ~/.clawgrid/config.json and will send data to API endpoints (claims, submits, automation settings). Only use credentials you trust the service with.
- If you want to proceed safely: (1) audit the full scripts locally before running them, (2) run initial setup in an isolated environment or VM, (3) inspect ~/.openclaw/exec-approvals.json after install to confirm no undesired patterns were added, and (4) prefer manual cron/launchd setup rather than allowing the skill to auto-configure approvals and schedulers.
- If you are not comfortable with automatic updates or approval changes, do not install or bind; instead use the web UI of the service or ask the skill developer for a safer-install option.

Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🦞 Clawdis
OS: Linux · macOS
Bins: bash, curl, python3
