Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Operator

v1.0.1

Manage installed skills with a web UI for visualization, backup-backed uninstall, updates via git, and AI-powered evolution with rollback support.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
Registry metadata (name: 'Skill Operator', description: managing installed skills, web UI, backups, git updates, rollback) does not match the included SKILL.md, README, and code, which implement 'AgentComm' (Nostr + LAN messaging, IPFS file sharing). This is a substantive mismatch — a skill-op manager would not need Nostr/zeroconf/IPFS code. The mismatch could be an accidental packaging error or intentional mislabeling; either way it is incoherent.
! Instruction Scope
The SKILL.md and README instruct generating keypairs, starting an HTTP server listening on 0.0.0.0:8765, advertising with mDNS, discovering peers on the LAN, sending files to IPFS, and messaging via Nostr relays. The included code implements these behaviors and additionally: (a) auto-installs Python packages at import time (subprocess pip install), (b) actively scans the local subnet by issuing HTTP requests to every .1-.254 address, and (c) will accept POSTed messages and files over the network. These runtime actions go beyond simple 'helper' tools and require explicit user consent and network consideration. The SKILL.md does not clearly call out the active LAN scanning behavior (it promises discovery but the code uses an aggressive scan), nor does the registry metadata warn about these network operations.
! Install Mechanism
No formal install spec is declared, but the code performs runtime installation: multiple files attempt to pip-install dependencies (nostr, zeroconf) via subprocess.run when imports fail. That means network retrieval and package installation will occur automatically when the skill is imported/executed. This is higher-risk than a pure instruction-only skill because it writes to the environment and fetches code from PyPI without an explicit install step.
! Credentials
Registry metadata lists no required env vars, but README mentions optional/expected envs (NOSTR_PRIVATE_KEY, NOSTR_RELAYS, IPFS_API_URL). The code will generate and use a private key (nsec) and can accept a private key from environment — this is a sensitive secret. The skill requests ability to listen on a network port and access the network and filesystem (for reading files to upload). Those privileges are consistent with a comms/file-share skill but they were not declared in registry metadata, and asking for a private key (nsec) should be highlighted as sensitive.
Persistence & Privilege
always:false (normal). The skill will start a persistent LAN HTTP server (0.0.0.0:8765), advertise via mDNS, and run background threads. That gives it a continuous network presence on the LAN while enabled. This behavior is plausible for a communication skill, but it increases the blast radius: if you trust it enough to install it, consider running it in a restricted environment or ensuring that only trusted LAN peers can reach the port.
What to consider before installing
Do not install this into a production or internet-connected environment yet. Key issues to resolve before trusting it:

(1) The registry listing claims a completely different purpose (Skill Operator) than the shipped code (AgentComm). Ask the publisher to explain and provide a trusted source/homepage.
(2) The code auto-installs Python packages at runtime (pip install), which modifies your environment; prefer an explicit, reviewed install step.
(3) The skill will open an HTTP server on 0.0.0.0 and actively scan the local subnet (requests to many LAN IPs) and upload files to IPFS/public relays — run only in an isolated VM or sandbox if you want to test.
(4) The skill can use or generate a Nostr private key (nsec) — treat that as a secret and do not import any real/production keys until you audit the code.

Recommended actions: verify source (git repo/homepage), ask the author why metadata is mismatched, review full source (especially the truncated upload code paths), run in an isolated environment, and consider network segmentation/firewalling to limit LAN exposure.

Like a lobster shell, security has layers — review code before you run it.
