Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Execution Verifier
v1.1.0
Enforce real progress for long-running tasks by separating execution from reporting. Use when users complain that the agent is "saying it's working" without...
by RichardSun (@richardsun700)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The name/description (verify real progress via file/commit checks) matches the included scripts' behavior. However, the skill implicitly expects external CLIs (git, and the example uses an openclaw CLI) while the metadata declares no required binaries; that is an omission and a documentation mismatch.
Instruction Scope
The verifier reads the OPEN_TASKS file and extracts backtick-marked paths, then stats those files (mtime/size) and runs git to check commits — scope-appropriate. But the closed-loop uses an execute-cmd string run via subprocess with shell=True, meaning the skill can execute arbitrary system commands when it detects 'no progress'. Also backtick paths can point to absolute system files, causing the verifier to report metadata about arbitrary files. Both behaviors broaden scope beyond pure verification and can have surprising effects.
Install Mechanism
Instruction-only with no install spec — nothing is downloaded or written during install, which minimizes install-time risk.
Credentials
No environment variables or credentials are requested (good). But the skill uses git and expects an 'openclaw' executor in examples; those CLIs and any credentials they rely on are not declared. The closed-loop can invoke executors that may access secrets or network resources, so the lack of declared dependencies understates the required runtime privileges.
Persistence & Privilege
The always flag is false (good). The skill can be invoked autonomously (platform default). The real risk is enabling closed-loop auto-execution: the verify_execute_verify script will trigger arbitrary execute-cmd commands automatically when progress is not detected, increasing operational privilege if used without restrictions.
What to consider before installing
This skill appears to implement what it claims (detecting file/commit progress), but take precautions before using it:
1) Inspect and control any execute-cmd you pass to the closed-loop script — it will be executed via the shell and can run arbitrary commands. Avoid using closed-loop auto-execute until you trust the executor command.
2) Ensure git and any executor CLI (example: openclaw) are available and understood — add them to documentation/requirements.
3) Review OPEN_TASKS content to ensure backtick paths don't reference sensitive system files (the verifier will report file metadata for any referenced paths).
4) Prefer running the verifier in an isolated environment or with least privilege, and consider modifying the scripts to avoid shell=True or to sanitize/whitelist allowed executor commands.
If the author confirms the missing declared dependencies (git/openclaw) and that execute-cmd will be restricted to safe, audited commands, the concerns become much smaller.
