Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

WORKSTATION.md - Your Agent's Own Linux Server

v1.0.3

Create and SSH into cloud Linux servers with root access, instantly hosting websites on https://<name>.workstation.md via nginx on port 80.

by Ning Ren (@renning22)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md instructions match the advertised capability (provision a server, give root SSH, serve content on https://<name>.workstation.md). However, the skill provides no provenance (no homepage, unknown source) and does not explain billing/ownership or what backend is being used—so it's unclear who operates the hosts and why no cloud credentials are required.
! Instruction Scope
Runtime instructions tell the agent/user to install a third-party npm CLI, generate/use local SSH keys, create remote root servers, run arbitrary commands as root, and copy files to those servers. Those actions are consistent with the stated purpose but expand the attack surface (remote hosts you do not control, potential exfiltration if secrets/files are copied). The SKILL.md grants broad discretion (run arbitrary commands on newly provisioned root boxes) without documenting limits or safeguards.
! Install Mechanism
There is no declared install spec in the skill metadata, yet SKILL.md instructs `npm install -g workstation.md`. Installing an unverified global npm package runs arbitrary code on the local environment and is high risk if the package or its dependencies are malicious or compromised. The skill provides no package provenance, checksum, or official homepage to verify the package.
Credentials
The skill does not request environment variables or credentials, which is reasonable for a hosted service. It does, however, instruct reading/creating SSH keys under ~/.ssh. That is expected for SSH access, but users should avoid uploading private keys or sensitive files to these remote hosts. The lack of any billing/account explanation is unexpected for a service that creates ephemeral root servers.
Persistence & Privilege
The skill is not force-included (always:false) and does not request persistent privileges in the agent system. It instructs installing a global npm CLI and generating SSH keys, which are user-level changes but not platform-level privileges. Autonomous invocation is allowed (default) but not an additional red flag here.
What to consider before installing
This skill tells you to install and run an unverified npm CLI that will create remote root-access servers you do not control. Before installing or using it, verify the npm package and its publisher (check npmjs.org page, package source code, and signatures), and confirm who operates the workstation.md backend and any billing or abuse policies. Never upload private keys or sensitive secrets to these remote machines; create a fresh, disposable SSH keypair for this use and delete it afterward. If you must try it, do so from an isolated environment (container or throwaway VM), inspect the installed package contents, and avoid transferring confidential data or credentials to the provisioned server.

Like a lobster shell, security has layers — review code before you run it.

Tags: agent-infra, agent-tool, cloud, hosting, infrastructure, latest, ssh, website
