ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Peon Ping for Openclaw

v1.0.0

Install and configure PeonPing with an opinionated default (Orc Peon voice) so alerts work immediately with minimal user friction. Use when the user asks for...

0· 380·0 current·0 all-time
bySal@sal-jim
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description (install/configure PeonPing with an Orc Peon default) matches the instructions: Homebrew install or fallback install script, setup, and peon CLI configuration commands. No extra credentials, unrelated binaries, or unexplained config paths are requested.
Instruction Scope
SKILL.md instructs the agent to run shell commands to install and configure PeonPing (brew install, peon-ping-setup, peon CLI commands). These are in-scope for an installer skill, but they require executing commands on the user's machine and will modify system state. The instructions do not ask for reading files, secrets, or unrelated system paths.
!
Install Mechanism
No install spec is provided in registry metadata; the runtime instructions use Homebrew (low risk) and a fallback curl -fsSL ... | bash from raw.githubusercontent.com (higher risk because it executes a remote script). Piping a remote script into bash is an elevated risk pattern and should be reviewed manually; the skill does not include the installer source for vetting.
Credentials
The skill requests no environment variables, no credentials, and no config paths. This is proportionate to its stated purpose.
Persistence & Privilege
The skill is instruction-only, always:false, and does not request persistent system-wide privileges or modify other skills’ configs. Autonomous invocation is allowed (platform default) but not combined with other privilege escalations.
What to consider before installing
This skill's behavior is coherent with installing/configuring PeonPing, but it instructs the agent to run system commands and offers a fallback that pipes a remote installer into bash. Before installing: 1) Prefer the Homebrew path if you have Homebrew. 2) If using the curl fallback, review the installer script on GitHub yourself instead of running it blindly (curl | bash runs remote code as you). 3) Expect the installer to modify system files and possibly require elevated permissions and audio/notification permissions. 4) Verify the upstream project (https://github.com/PeonPing/peon-ping) is legitimate and unchanged. 5) If you are uncomfortable with remote-script execution, run the visible commands yourself in a controlled shell or decline installation.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b4ys5fy9wy7kav2v5yyfa8981x8zw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments