ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

snlib-cli

v2026.4.7

Run Seongnam Library (snlib.go.kr) tasks from the command line. Use when you need login, book search, my-info (내 정보 조회)/loan status (대출 현황) checks, interlibr...

0· 117·0 current·0 all-time
by정문식@ruseel
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (library login, search, status, requests) align with required binaries (bash, java, clojure) and required env vars (SNLIB_USER, SNLIB_PASSWORD). Requiring Java/Clojure is expected for a Clojure CLI wrapper.
Instruction Scope
SKILL.md instructs running the included script with credentials via environment variables and documents read-only vs write commands. It does not ask for unrelated files, credentials, or system state beyond the declared env vars and a specified session directory (~/.config/snlib-cli/).
Install Mechanism
No install spec is provided, but the runtime script invokes clojure which will fetch the io.github.ruseel/snlib-cli artifact from Maven Central (-Sdeps). Fetching from Maven Central is a standard Clojure practice, but it means remote code is downloaded and executed at runtime — a normal behavior here but a security consideration.
Credentials
Only SNLIB_USER and SNLIB_PASSWORD are required, which is proportionate for a library-login and request tool. The skill stores session data under ~/.config/snlib-cli/ as documented.
Persistence & Privilege
always is false and the skill does not request elevated or global agent privileges. It does not modify other skills' configurations. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges.
Assessment
This skill appears to do what it says: it runs a Clojure CLI (requires java + clojure) and uses SNLIB_USER/SNLIB_PASSWORD for library operations. Before installing, verify the upstream project (https://github.com/ruseel/snlib-cli) and the Maven artifact io.github.ruseel/snlib-cli@20260407 to ensure you trust that code — the helper script will cause your environment to download and execute that artifact from Maven Central at runtime. If you have security concerns: (1) avoid reusing a high-privilege password (create a dedicated library account or rotate credentials after use), (2) run the tool in a sandbox or isolated environment, (3) test read-only commands first as recommended, and (4) inspect the repository/artifact source code if possible. The skill stores session data under ~/.config/snlib-cli/ so review or clear that directory if needed.

Like a lobster shell, security has layers — review code before you run it.

latestvk971wkvjxchg1q5aep62vahmyd84dw2f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsbash, java, clojure
EnvSNLIB_USER, SNLIB_PASSWORD

Comments