Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ClawRecipes
v0.4.23
Create and deploy markdown-based agent and team configurations with built-in workflow management and pre-built recipe templates for OpenClaw.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw verdict: Benign (medium confidence)
Purpose & Capability
The name/description match the code, docs, and CLI actions in the bundle: recipe authoring, scaffolding, workflows, bindings, and installing other skills. Required env/config access is minimal and consistent with scaffolding and applying OpenClaw config. The README and docs describe expected behavior (apply-config, cron jobs, outbound posting) which aligns with the implemented handlers.
Instruction Scope
SKILL.md only instructs users to install the plugin and run openclaw recipes commands; it does not ask for unrelated environment variables or instruct data exfiltration. However, the plugin's functionality explicitly includes applying OpenClaw agent config, reconciling cron jobs, and installing other skills (ClawHub). Those are expected for a scaffolding tool but are powerful actions — users should inspect generated files and review prompts before using --apply-config, enabling cronInstallation:on, or enabling outbound posting.
Install Mechanism
No automated external install spec is included (the package is provided as code/docs). The README/documents propose installing from npm or via a linked checkout, which are reasonable and expected paths. There are no download-from-arbitrary-URL installs or untrusted extract steps in the provided metadata.
Credentials
The skill does not declare required environment variables or credentials. The documented and coded behaviors operate on workspace files and OpenClaw config (tool policy, cron entries, skill installs) which are proportional to scaffolding and workflow management. There are no unexplained requests for unrelated secrets in SKILL.md or the docs.
Persistence & Privilege
The skill is not always-enabled (always: false). It can modify OpenClaw agent config, install other skills, and reconcile cron jobs when scaffolded or when --apply-config is used; these are normal for a scaffolding plugin but grant the ability to change tool policies (including enabling exec or outbound posting) if the user opts in. Because the skill may cause system-level effects when applying config or installing skills, users should review changes before confirming.
Assessment
This plugin appears to do what it claims (scaffold teams/agents, manage file-first workflows, install skills). Before installing or using --apply-config, do these checks:
1) inspect the recipe files the plugin will write (scaffold into a test workspace first),
2) review any proposed OpenClaw config changes (tool policies, especially allow: exec or allow: outbound.post),
3) be cautious enabling cronInstallation:on or outbound posting — those can cause scheduled jobs or external posts, and
4) installing skills via ClawHub is expected but can pull arbitrary code; prefer pinned/known packages.
Note the package metadata lists no homepage/source in the registry header even though docs point to a GitHub repo; if provenance matters, verify the repository and publisher identity before trusting wide deployment.
Patterns worth reviewing
scripts/scaffold-agent-recipefile-smoke.mjs:13 - Shell command execution detected (child_process).
scripts/scaffold-smoke.mjs:13 - Shell command execution detected (child_process).
scripts/scaffold-team-provenance-smoke.mjs:13 - Shell command execution detected (child_process).
scripts/smell-check.mjs:23 - Shell command execution detected (child_process).
tests/index-handlers.test.ts:319 - Environment variable access combined with network send.
tests/index-handlers.test.ts:308 - File read combined with network send (possible exfiltration).
tests/install-handler.test.ts:210 - File read combined with network send (possible exfiltration).
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
