Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Csam Shield
v1.0.0Detects, blocks, and reports Child Sexual Abuse Material using AI-driven image, video, and behavior analysis with automatic NCMEC reporting and evidence pres...
⭐ 0· 463·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md describes a full CSAM detection/reporting system (PhotoDNA/PDQ integration, NCMEC reports, evidence preservation). Registry metadata claims no required env vars or install, yet the instructions reference installing @raghulpasupathi/csam-shield via npm and using process.env.NCMEC_API_KEY and process.env.EVIDENCE_ENCRYPTION_KEY. PhotoDNA/PDQ integrations normally require formal agreements and credentials; those are not declared in the registry metadata. This inconsistency (declared nothing vs instructions requiring credentials/providers) does not add up.
Instruction Scope
SKILL.md instructs analyzing arbitrary file paths, checking hashes, gathering user_info/ip/device_info, preserving evidence to /secure/evidence/ and /secure/csam-hashes/, and automatically reporting to https://report.cybertip.org/. These operations read, store, and transmit highly sensitive PII and content; yet the skill provides no clear human-review gating, access controls, or declared required credentials. The instructions give broad discretion (automatic reporting, indefinite retention) which increases risk.
Install Mechanism
The registry contains no install spec or code files, but SKILL.md tells the user to npm install @raghulpasupathi/csam-shield and a ClawHub URL. Asking to install an external npm package to handle CSAM is high-risk unless the package source, ownership, and contents are vetted. There is no packaged code included for review here and no verification (checksums, release host), so following the instruction would run unreviewed third-party code on your system.
Credentials
Although registry metadata lists no required env vars, the instructions and sample code explicitly reference NCMEC_API_KEY and EVIDENCE_ENCRYPTION_KEY and a configuration placeholder ${NCMEC_API_KEY}. The skill also expects access to photo/video content and to collect PII (IP, device info, user info). Requesting and using such credentials and data is proportionate to the stated purpose only if declared up front and legally authorized; here those credentials are not declared or justified in metadata, which is a mismatch and a red flag.
Persistence & Privilege
The skill calls for preserving evidence indefinitely, encrypted storage, and writing to fixed secure paths. While retention is relevant to the purpose, the SKILL.md provides no guidance on access controls, where keys are stored, retention policy governance, or who reviews reports before automatic submission. The skill does not request 'always: true', which is good, but indefinite on-disk retention of sensitive material without controls is problematic.
What to consider before installing
Do not install or run this skill without further vetting. Specific steps to take before proceeding: 1) Ask the publisher for the exact npm package source (repository URL), license, and published package checksum so you can review the code and verify integrity. 2) Require the registry metadata to declare the exact environment variables and secrets (NCMEC_API_KEY, EVIDENCE_ENCRYPTION_KEY, any database/provider credentials) before installation. 3) Have legal/compliance review the automatic-reporting behavior (NCMEC reporting usually requires authorized processes and human review). 4) Only test in an isolated environment that cannot access real user data; do not point it at production uploads until code and procedures are audited. 5) Insist on a human-in-the-loop for any automatic reporting, strict access controls for evidence storage, documented retention/audit policies, and proof of legitimate PhotoDNA/PDQ/NCMEC integrations (contracts or API agreements). 6) If you cannot obtain the package source and credential requirements, treat the skill as untrusted: installing an unvetted npm package that will handle CSAM content risks accidental exposure or malicious exfiltration of extremely sensitive data.Like a lobster shell, security has layers — review code before you run it.
latestvk978r7a980wx852vc6m6ana2px81ker3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.