Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Red Alert (Israel)
v1.1.0
Israeli Home Front Command alerts - fully OpenClaw native. No Home Assistant. No wacli. No Docker monitor. OpenClaw handles everything: WhatsApp + TTS.
by @shaike1
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's code and installer clearly require an OpenClaw CLI, Docker, and optional Home Assistant / 3CX endpoints, but the registry metadata declares no required binaries or environment variables — that's a mismatch. The functionality (polling an OREF proxy, sending WhatsApp via OpenClaw, TTS and optional 3CX calls) is coherent with the description, but the packaging/metadata understates the actual dependencies and privileges.
Instruction Scope
SKILL.md and install.sh instruct the agent/user to run a persistent Python monitor, add an @reboot crontab entry, and run a Docker proxy. The runtime code posts to external endpoints (CX3_API and HA_URL) and invokes the OpenClaw CLI via subprocess. The instructions persist long‑running processes, write logs to /var/log/oref_native.log, and place full environment assignments into the crontab line — which can expose secrets. There is an unexpected default HA_URL (https://ha.right-api.com) in the code (not documented in README), which is surprising and should be verified.
Install Mechanism
install.sh pulls a Docker image (dmatik/oref-alerts:latest) from Docker Hub and runs it as a proxy. Downloading and running an unreviewed third‑party container is higher risk because arbitrary code runs on the host. The script also runs pip install for Python packages, modifies crontab, and starts background processes. No digital signature or verified release host is provided for the Docker image.
Credentials
The code expects and uses multiple environment values (OPENCLAW_BIN, OREF_API_URL, MONITORED_AREAS, WHATSAPP_GROUP_JID, WHATSAPP_OWNER, HASS_SERVER, HASS_TOKEN, CX3_API, CX3_EXTENSION, etc.), but the registry lists none. Sensitive values (HASS_TOKEN, CX3 configuration) may be stored in .env and then embedded into the crontab string, which increases exposure. The code also embeds a default WHATSAPP_OWNER phone number and a default HA_URL pointing to an external domain — unexpected and should be questioned.
Persistence & Privilege
The installer adds an @reboot crontab entry that includes full environment assignments and starts a persistent background monitor (nohup &). It also creates a Docker container that restarts unless stopped. While persistence is consistent with a monitoring service, writing env values (including tokens) into crontab and placing long‑running processes under root paths (/root/.openclaw/...) increases the attack surface and the chance of unintended credential exposure.
What to consider before installing
Before installing:
1) Verify the source/trustworthiness of the Docker image dmatik/oref-alerts (inspect the image contents or vendor) — pulling an untrusted container runs arbitrary code.
2) Confirm you have a legitimate OpenClaw CLI and understand that the skill will call it via subprocess.
3) Inspect and control environment values: avoid using real HASS_TOKEN or other production credentials during testing; note that install.sh writes env values into crontab (which may expose secrets), so prefer a safer startup mechanism (systemd unit with protected env file or run under an unprivileged user).
4) Investigate the unexpected defaults in the code (HA_URL defaulting to https://ha.right-api.com and the embedded WHATSAPP_OWNER number) — change them or remove them before running.
5) If you want to proceed, run the monitor in an isolated test environment (non‑privileged account, VM/container) and manually review the Docker image and the Python script for any network calls or data exfiltration you don't expect.
6) If you are not comfortable auditing the Docker image or the script, do not install on production systems that hold sensitive credentials or data.
Like a lobster shell, security has layers — review code before you run it.
