Skill v1.1.1

ClawScan security

Fly Install · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 9, 2026, 11:29 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The README and SKILL.md say downloads come from clawhub.ai, but the included script fetches zips from an unrelated convex.site API and will extract them locally — a clear mismatch that could lead to installing arbitrary code.
Guidance
Do not run this script blindly. Specific steps to consider before installing:
1) Inspect fly-install.sh locally: check the CLAWHUB_API variable (currently points to wry-manatee-359.convex.site).
2) Verify the download endpoint: prefer official clawhub.ai URLs or the skill's GitHub repository; avoid unknown personal/third-party hosts.
3) If you need automation, replace the CLAWHUB_API with the official clawhub.ai download endpoint or use GitHub clone only.
4) Run the script in a sandbox or non-privileged account, and do not run any downloaded code until you unpack and inspect its contents (look for unexpected binaries, post-install scripts, or network callbacks).
5) Ensure required tools (git, curl/wget, jq, unzip) are available and declared/installed.
6) Check the fly-install GitHub repo and author reputation, and prefer manual GitHub cloning of the skill when possible.
If you want, I can show exactly where the script contacts the convex.site host and suggest a safe edit to point it to clawhub.ai instead.

Review Dimensions

Purpose & Capability
concern
The skill's stated purpose (alternate install methods for ClawHub skills) matches the script's behavior (GitHub clone, download zip, manual instructions). However, the script hard-codes a non-official download endpoint (https://wry-manatee-359.convex.site/api/v1/download) instead of clawhub.ai as claimed in the docs. Also, the package does not declare required binaries (git, curl/wget, jq, unzip) even though the script uses them.
Instruction Scope
concern
SKILL.md documents using GitHub and clawhub.ai. The runtime script follows that flow for GitHub but attempts to download zips from a third-party convex.site host without documenting this endpoint. The script will download and unzip remote archives into the user's skills directory, which is appropriate for an installer but risky when the source is untrusted or undocumented.
Install Mechanism
concern
There is no formal install spec (instruction-only), and the included fly-install.sh performs network downloads from an unexpected domain (convex.site) and extracts archives locally. Downloading archives from a non-official, unverified URL and extracting them (extract=true behavior) is a high-risk install mechanism unless the endpoint and artifacts are verified.
Credentials
concern
The skill requests no environment variables or credentials (appropriate), but it contacts an undocumented external API host. The external endpoint in the script is inconsistent with the documented clawhub.ai source, which is disproportionate and unexplained for the stated purpose.
Persistence & Privilege
ok
The skill does not request elevated privileges, does not set always:true, and only writes into the user's skills directory (~/.openclaw/workspace/skills). It does not modify other skills or system config. This is normal for an installer script.