Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Iobroker Simple Api

v1.3.0

Full access to ioBroker via the iobroker simple-api adapter. Read states, objects, historical data, write to states, execute scripts, and more.

by Sanweb (@sanwebgit)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill implements HTTP calls to an ioBroker simple-api endpoint (get/set/query/exec/etc.), reads OpenClaw config for the ioBroker URL and optional Basic Auth, and lists/executes operations described in the README/SKILL.md. Declared capabilities (full ioBroker access) align with the code. The package dependency (ws) is plausible for subscriptions even if the visible code uses HTTP.
Instruction Scope
SKILL.md and the implementation mostly match: commands map to HTTP endpoints on the simple-api adapter and the skill reads openclaw.json for configuration. Minor documentation mismatches: SKILL.md mentions detecting OPENCLAW_STATE_DIR and 'creating default config on first run', but the code only checks OPENCLAW_HOME and HOME-based fixed paths and does not write configs. Also SKILL.md claims auto-detection via installation path; code only checks the two fixed file locations. These are documentation/code inconsistencies but not malicious scope creep.
Install Mechanism
No remote install/downloads or extracted archives are present in the spec. The skill is shipped as code files with a standard package.json (dependency on 'ws'), which is proportionate for an ioBroker client that may use websockets for subscriptions.
Credentials
The skill requests no environment variables or credentials via registry metadata. In practice the code reads OPENCLAW_HOME and HOME to locate openclaw.json; it will also accept username/password in that config for basic auth to ioBroker. That matches the stated purpose. There are no unrelated credential requests or omnibus env access.
Persistence & Privilege
The skill is not set always:true and uses normal autonomous invocation defaults. The code is read-only with respect to OpenClaw config (it reads openclaw.json but does not write), and it does not modify other skills or system-wide settings. No elevated persistence is requested.
Assessment
This skill appears to do what it says: it contacts an ioBroker simple-api endpoint and can read/write states and execute scripts on that ioBroker instance. Before installing, confirm:
1) The configured baseUrl points to a trusted ioBroker instance on your LAN (do not point to an Internet-exposed controller).
2) Only provide username/password if you trust the skill and the OpenClaw environment; Basic Auth credentials will be sent to the configured ioBroker URL.
3) The exec: and eval: commands send code to ioBroker for execution — those are powerful and can run arbitrary automation on your system, so limit access to trusted agents/users.
4) Be aware of small doc/code mismatches (OPENCLAW_STATE_DIR mention and 'create default config' claim) — these are likely documentation drift, not malicious behavior.
If you need higher assurance, review the full skill.js (especially the truncated parts) or run it in a sandboxed environment first.
