ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawdocs Improved

v1.0.0

OpenClaw documentation expert with config references, errata tracking, search scripts, and decision tree navigation

0· 623·2 current·2 all-time
byFrank@sallvainian·fork of @nicholasspisak/clawddocs (1.2.2)
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the provided files: the SKILL.md plus the references/* and snippets/* files together implement a documentation/config reference skill. The included scripts (search, fetch, sitemap, cache, track-changes) are proportionate to a docs/search helper.
Instruction Scope
SKILL.md explicitly instructs the agent/user to read local reference files and snippets and to run bundled scripts (./scripts/*.sh) to search/fetch docs and build indexes. It also tells users to check /tmp/openclaw/openclaw.log for reload errors and to cross-reference an external 'Context7 /openclaw/openclaw' source — these are within scope for a docs skill but do cause the agent to interact with local files and to perform network fetches. The SKILL.md also recommends running an external installer via curl -fsSL https://openclaw.ai/install.sh | bash in the 'install/deploy' advice — that is a high‑risk operation if executed without review. Overall the instructions are coherent but grant the agent discretion to fetch remote content and read/write under the user's home directory; exercise caution.
Install Mechanism
There is no install spec (instruction-only), which is low risk. The shipped shell scripts use curl to fetch docs from docs.openclaw.ai and write caches to ${HOME}/.openclaw/cache/clawddocs. Those network calls and filesystem writes are expected for this functionality; no obscure download URLs or archive extraction were found in the provided files.
Credentials
The skill does not declare required env vars or credentials (none required), which aligns with being a documentation helper. However, the reference documents include many example config fragments containing placeholders like ${OPENAI_API_KEY}, ${OPENCLAW_GATEWAY_TOKEN}, etc. Those are examples in docs (expected), but they could confuse an agent or user into thinking secrets are needed or should be read — the SKILL.md itself does not request them. Confirm the agent will not attempt to read environment variables or secret files unless the user explicitly asks it to.
Persistence & Privilege
always:false and no install spec — the skill does not request persistent global inclusion or elevated platform privileges. Its scripts write under the user's home (~/.openclaw/cache/clawddocs) which is reasonable for caching; the skill does not attempt to alter other skills or system-wide configuration in the files reviewed.
Scan Findings in Context
[system-prompt-override] unexpected: A prompt‑injection signature was detected in SKILL.md. The visible SKILL.md primarily contains doc navigation and instructions to use local references and the bundled scripts, but this pre-scan flag suggests the skill text may include phrasing that could try to modify agent system behavior. Treat this as a potentially risky pattern and review the skill text and how the agent runtime enforces system prompts before enabling.
What to consider before installing
What to check before you install or run this skill: - Review the bundled shell scripts (./scripts/*.sh) yourself. They fetch docs from https://docs.openclaw.ai and write cached files under ~/.openclaw/cache/clawddocs; ensure you are comfortable with those network calls and local writes. - Do NOT run the recommended curl -fsSL https://openclaw.ai/install.sh | bash command without inspecting that script first — that pattern can install arbitrary code. - The SKILL.md and reference files include many example placeholders like ${OPENAI_API_KEY} and ${OPENCLAW_GATEWAY_TOKEN}. The skill does not declare it requires secrets, but be explicit: do not let the skill (or the agent using it) read environment variables or secret files unless you explicitly permit it. - The pre-scan detected a 'system-prompt-override' pattern. That can be a false positive for documentation content, but it can also indicate phrasing intended to influence the agent runtime. If you plan to allow the agent to invoke the skill autonomously, restrict its capability to run shell commands or access secrets until you've validated behavior in a sandbox. - If you only want read-only help, use the skill as a human-in-the-loop tool: run scripts yourself in a controlled shell and paste snippets into the agent, rather than allowing the agent to run them autonomously. If you want higher confidence about safety, provide the full omitted scripts/content (the scan noted some files were truncated) and test the scripts in an isolated environment (container or VM) to observe their network calls and filesystem changes.

Like a lobster shell, security has layers — review code before you run it.

latestvk9789n66bh1jqskbz36atmxjpn81ndmc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments