Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Mutual Repair

v1.0.0

Enables two OpenClaw instances to monitor each other via heartbeat, perform health checks, diagnose issues, and remotely repair for 24/7 stable operation.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, README, SKILL.md, skill.json and src/index.ts all describe a two-node heartbeat, health-check and repair system. The declared permissions (exec, network) match the implementation, which runs shell checks and posts heartbeats to the peer; these capabilities are proportionate to the stated purpose.
Instruction Scope
SKILL.md confines instructions to configuring hosts/ports, starting/stopping the service and using health/diagnose/repair commands. The runtime code executes local system commands (free, top, pm2, ss, ping, nc) and sends HTTP requests to the configured remoteHost — this is within the expected scope but means the skill will read system state and may run repair commands when triggered.
Install Mechanism
No explicit install spec is provided (instruction-only) but the package contains code and package.json (axios dependency). That means ClawHub will install code/deps when added; lack of an install/verified release URL increases the surface for supply-chain concerns compared with a well-known package release mechanism.
Credentials
The skill declares no required environment variables (good) and permissions are reasonable for the task. However, documentation (PUBLISH.md) contains an embedded Claw-CLI token string, which appears to be a credential leaked into the repo; this is unrelated to normal runtime needs and is a red flag. Also remote-repair behavior may require SSH access (SKILL.md mentions SSH keys), so operators should ensure SSH use is limited and keys are managed securely.
Persistence & Privilege
always:false and default autonomous invocation are set (normal). The skill does not request system-wide config changes in the manifest. Autonomous invocation combined with exec/network is powerful but expected for an ops/repair skill; no evidence it demands persistent elevated platform privileges.
Scan Findings in Context
[embedded_publish_token_in_docs] unexpected: PUBLISH.md includes a Claw-CLI token value (clh_wf...); this looks like a leaked credential in the repository and is not required by the skill to run on target hosts. The static pre-scan reported no injection signals, but this artefact is still a security concern.
[truncated_source_file] unexpected: The provided src/index.ts content was truncated in the package listing. That prevents a complete audit of the repair/executeRepair implementation (possible remote command execution paths). Full file review is needed to verify there are no unexpected behaviors.
What to consider before installing
This skill broadly matches its description (two-node heartbeat, health checks, and remote repair), but review these items before installing:
- Remove or rotate any leaked credentials: PUBLISH.md contains what looks like a Claw-CLI token — treat it as compromised and rotate it.
- Audit the full src/index.ts (the provided snippet was truncated) to confirm how repairs are executed (particularly whether it runs ssh/remote commands and with what arguments). If repairs invoke shell commands or SSH, ensure the commands are explicit and limited, and that SSH keys are tightly controlled.
- Run the skill in an isolated/staging environment first. The service listens by default on 0.0.0.0:9528 — configure firewalls to restrict access to the peer only and avoid exposing the port to the public internet.
- Ensure the host has expected utilities (pm2, nc, ss, ping) and that parsing of their output is robust for your OS; poorly parsed outputs can lead to incorrect diagnoses.
- Prefer least privilege: provide only the network connectivity necessary to the configured peer, and do not enable remote-repair until you have confirmed its exact behavior.

If you want, I can: 1) search the repo for other potential secrets, 2) try to reconstruct the truncated part if you can provide the rest of src/index.ts, or 3) produce a short checklist of safe configuration and firewall rules for deploying this skill.
src/index.ts:177
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latest vk9716p46654km6t0fjbcz8yw8983p5bq
