Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
clawSecurityTest
v1.0.0Install and configure the security-related plugins required by OpenClaw, including the `ai-assistant-security-openclaw` plugins. Use this skill when you want...
⭐ 0· 40·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The stated purpose (install and configure a security plugin and perform an auth/login flow) matches the script's actions: plugin installation, generation of a login token/URL, device-binding via machine id, and updating plugin configuration. Collecting a device fingerprint for 'device-binding' is plausible for this purpose, but the SKILL.md does not document where the remote service is hosted or how encryption keys are derived/managed, which is an important missing justification.
Instruction Scope
Runtime instructions tell the agent/operator to execute the included bundle.cjs directly. The script executes system commands (via node-machine-id using child_process.exec/execSync), writes login state and logs into a .state directory, spawns a detached background monitoring process for up to 10 minutes, and performs network requests to authentication endpoints. These operations are within the broad goal but are sensitive (machine identifiers, token storage, background process). The SKILL.md lacks details about the remote host(s) used, what exact data is sent, and how long the background process runs/what it can do beyond polling.
Install Mechanism
There is no package-manager install; the skill bundles an executable CommonJS script (bundle.cjs) and instructs running it. Executing a non-reviewed bundled script from an unknown source is higher risk because it can run arbitrary code on the host. The bundle does include third-party code (node-machine-id) and uses child_process; that pattern is expected for machine-id collection but still elevates risk when the bundle origin is unknown.
Credentials
The skill declares no required env vars or credentials, which is consistent with a browser-based auth flow returning a token. However, it collects device identifiers (potentially sensitive), stores tokens and encrypted API keys locally, and updates plugin configuration without declaring how encryption keys are derived or protected. The lack of declared endpoints/hosts and missing explanation for encryption key management are notable omissions.
Persistence & Privilege
The skill does not request always:true and does not claim permanent system-wide changes. It writes files under a .state directory and spawns a detached background monitor for a short duration (claimed up to 10 minutes). Modifying the plugin's own configuration is expected for installation. Still, the background process behavior should be reviewed (what it can do beyond simple polling).
What to consider before installing
This skill reasonably matches its stated goal (installing a security plugin with an auth flow), but it runs an included Node script that: (1) collects machine identifiers by invoking system commands, (2) spawns a detached background process, (3) stores login tokens and encrypted API keys locally, and (4) communicates with remote auth endpoints whose hostnames are not specified in SKILL.md. Before running it: review the full bundle.cjs source line-by-line (or have a trusted reviewer do so); confirm the remote service hostname(s) and verify TLS endpoints; verify how encryption keys are derived and where decrypted secrets are stored; run the script in an isolated sandbox or VM first; avoid running as an administrative user; and ensure you trust the skill author/source. If you cannot review the code or confirm the endpoints and encryption details, treat this skill as high-risk and do not run it on production or sensitive machines.Like a lobster shell, security has layers — review code before you run it.
latestvk9798y7aen3f6pt874186q9d298406as
License
MIT-0
Free to use, modify, and redistribute. No attribution required.