ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Autoclaw

v1.0.0

Automates health monitoring, scheduled backups, and process logging for AI assistant workspaces.

0· 7·0 current·0 all-time
by@shayuqiang671-rgb
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description (workspace health, backups, logging) match the code's behavior, but the monitored_processes list includes an 'OKX Trading' node script (quant-bot-v2/ai-multi-coin.js) which is unrelated to a generic AI-assistant workspace tool. That suggests the author repurposed personal configs into this skill; it's unexpected and should be reviewed before use.
!
Instruction Scope
SKILL.md is minimal and tells the user to run python autoclaw.py. The actual script performs filesystem checks, copies files into a backups directory, and writes logs. The README suggests editing an autoclaw_config.json, but the shipped autoclaw.py does not read any config file and instead uses a hardcoded workspace path. This mismatch between docs and runtime instructions is a red flag: the program will act on C:\Users\Administrator\.openclaw\workspace by default rather than a user-specified workspace unless the user edits the script.
Install Mechanism
No install spec or external downloads; it's an instruction-only skill with a bundled Python script. Nothing is fetched from third-party URLs and there are no installer scripts that write arbitrary binaries to disk.
Credentials
The skill requests no environment variables or credentials. It does, however, read and copy files inside the workspace (e.g., config.json, MEMORY.md, memory_data/ai_memory.db). This is proportionate for a backup/health tool, but users should note sensitive workspace files will be duplicated into backups and logs.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide configurations. It writes backups and logs under the workspace directory only. No autonomous privilege escalation is indicated.
What to consider before installing
This skill is not overtly malicious but shows worrisome inconsistencies. Before installing or running: 1) Inspect and edit autoclaw.py to set a safe workspace path (do not rely on the hardcoded C:\Users\Administrator\... path). 2) Remove or review the monitored_processes entry for 'OKX Trading' if you don't expect a trading bot in your workspace. 3) Note the README mentions an autoclaw_config.json which the script does not use — the script ignores that config, so either modify the script to read your config or avoid running it. 4) Backups are local copies of workspace files (including memory DBs); ensure this behavior is acceptable and that backups are stored securely. 5) Run the script in a sandboxed environment (container or VM) first to confirm behavior, and consider asking the author to clarify the config behavior and the presence of unrelated process monitoring.

Like a lobster shell, security has layers — review code before you run it.

latestvk976g229b299wdfh5h763pbsm5841ba9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

AutoClaw

Automated health check and backup tool for AI agents and workspaces.

Description

AutoClaw provides automated system monitoring, health checks, and backup functionality for AI assistant workspaces.

Installation

clawhub install autoclaw

Usage

python autoclaw.py

Features

  • Automatic health checks
  • Scheduled backups
  • Process monitoring
  • Logging with timestamps

License

MIT License

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…