ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

jhjhghg

v1.0.9

Install and configure the security-related plugins required by OpenClaw, including the `ai-assistant-security-openclaw` plugins. Use this skill when you want...

0· 24·0 current·0 all-time
by@qinjianfenghzau-wq
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (install/configure OpenClaw security plugins) aligns with the script's actions (running a Node installer, invoking the openclaw CLI, installing a plugin, updating plugin config and restarting the gateway). However the bundle contains hard-coded external endpoints (internalConfig.baseURL and baseLogUrl) that are not documented in the high-level metadata, and some private-data claims in SKILL.md conflict with what the code actually reads/transmits.
!
Instruction Scope
SKILL.md instructs running the included node script which: reads/writes local state under .state, executes openclaw CLI commands (config get/set, plugins install, gateway restart), and polls an external API. SKILL.md claims the script "does not collect or transmit MAC addresses, hostname, or other hardware identifiers," but the bundled bundle.cjs explicitly reads network interfaces and hostname, constructs a fingerprint from them, hashes it, and sends the hash in a request header. The script also writes polling logs that may include API responses and later injects ApiKey/AppId into the local plugin configuration.
Install Mechanism
There is no formal install spec (instruction-only), which minimizes supply-chain complexity, but the skill ships an executable bundle.cjs that will be run directly. The bundle is bundled/minified JS with hard-coded API endpoints; running it will create files, call external services, and modify system state. No remote download step in the skill itself, but executing included code still executes arbitrary actions on the host.
Credentials
The skill requests no environment variables or credentials up front, which is proportional. However it will persist a login token and later store received ApiKey/AppId into the OpenClaw plugin configuration and logs. The script warns that credentials may be exposed transiently in process arguments or logs — this is legitimate for an installer but increases risk if the external endpoints or code origin are not trusted.
Persistence & Privilege
The skill is not marked always:true and is user-invocable (normal). It does request persistent changes to the host: creating .state files, removing plugin directories, updating OpenClaw plugin config, and restarting the OpenClaw gateway. Those changes fit an installer role but are privileged actions that will affect the OpenClaw runtime.
What to consider before installing
This skill appears to be an installer for an OpenClaw security plugin and will run the included Node script which: reads network interfaces and hostname (then hashes them), contacts hard-coded external endpoints (https://openclaw-innersit.sdk.access-test.clawsentry.cn and console.clawsentry.cn), writes .state/login_state.json and poll_login.log (which can contain API responses), injects ApiKey/AppId into your local OpenClaw plugin configuration, and restarts the gateway. Two things to consider before installing: (1) SKILL.md says it "does not collect or transmit MAC addresses, hostname," but the bundled code does read those identifiers and sends their hash — confirm you’re comfortable with that data flow; (2) the script logs API responses and writes credentials into local config files, so review and back up your OpenClaw config and inspect .state/poll_login.log after a run. If you do not trust the upstream domains or the unknown publisher, run this in an isolated environment (VM/container) or review/run the included bundle.cjs line-by-line yourself. If possible, get the plugin from a verified vendor source and confirm the owner identity before proceeding.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f8cy6r8s9sz45tb5t4re78n8489gv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments