Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CyberLens Security Scanner

v1.2.1

Scan websites, GitHub repositories, and Claw Hub skills for practical security issues using a local quick website scan and CyberLens cloud analysis when conn...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (website, GitHub, and Claw Hub skill scanning) match the shipped code: scanner, API client, auth flow, and CLI examples. Required binary (python3) and declared primary credential (CYBERLENS_API_KEY) are appropriate for the described cloud features.
Instruction Scope
Runtime instructions and code perform expected actions: local quick scans, downloading and extracting Claw Hub skill packages for local analysis, and using the CyberLens cloud API for repository scans. The skill also runs a browser-based connect flow that opens a browser and starts a local callback HTTP server to receive a one-time connect code (binds to localhost by default). These are normal for this purpose but worth noting because they perform network I/O, write a local config file, and extract remote archives to disk.
Install Mechanism
There is no installer download step in the registry (no external install URL); code is included in the package and dependencies are typical Python packages (httpx, beautifulsoup4, pydantic, pyyaml, reportlab). No high-risk install downloads or obscure external installers are present in the manifest.
Credentials
The declared primary credential (CYBERLENS_API_KEY) is justified for cloud scans. The skill also references several optional environment variables (CYBERLENS_API_BASE_URL, CYBERLENS_CONNECT_CALLBACK_URL, CYBERLENS_CONNECT_BIND_HOST, CYBERLENS_CONNECT_BIND_PORT) in SKILL.md and auth.py but these optional vars were not listed under required.env in the registry metadata — the behavior is legitimate but the registry record is incomplete. Be aware the API base can be overridden by env vars, which could redirect scan traffic if set to an untrusted endpoint.
Persistence & Privilege
The skill does not request always:true and uses normal agent invocation. It will persist an API key to ~/.openclaw/skills/cyberlens/config.yaml by default (the code attempts to set restrictive permissions, 0o700/0o600). It also starts a short-lived local callback server for OAuth-style connect flows (binds to loopback by default). These behaviors are expected for an account-connect flow and local config storage.
Assessment
This skill appears coherent for its stated purpose, but review these points before installing:
1) Connecting an account opens your browser and starts a local callback server to receive an API key — only proceed if you trust https://cyberlensai.com.
2) The skill will download and extract Claw Hub skill packages to disk for analysis; run it in an environment you control if you are concerned about handling untrusted archives.
3) The package stores the CyberLens API key at ~/.openclaw/skills/cyberlens/config.yaml by default (you can instead set CYBERLENS_API_KEY in the environment to avoid disk persistence).
4) Optional environment variables (CYBERLENS_API_BASE_URL and callback overrides) can change where requests are sent; do not set them to untrusted endpoints.
5) If you need extra assurance, review the scanner and auth code (auth.py and api_client.py are included) or run scans in an isolated/test environment before enabling for sensitive workflows.
src/skill_scanner.py:30: Dynamic code execution detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latest: vk972srs6mxar0d1jk91yh8x5zn83z64j

Runtime requirements

🔒 Clawdis
Bins: python3
Primary env: CYBERLENS_API_KEY