Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Clawsec 1.0.0
v1.0.0Intercept and inspect AI agent HTTP/HTTPS traffic with MITM proxy to detect and log exfiltration and injection threats in real time.
⭐ 0· 159·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The SKILL.md claims a full MITM proxy (generating a CA, signing per-host certs, a ~876-line Python script, a requirements file, Docker deployment, persisted CA volume, and logs) — all of which normally require shipped code and an install spec. The published package contains only skill.md and _meta.json (no code files, no install). That mismatch is a strong incoherence: either the package is incomplete or the skill is misrepresenting what it provides.
Instruction Scope
The runtime instructions direct the agent/user to generate and install a local CA into system trust stores (sudo/system keychains), modify environment variables to route all HTTP/HTTPS traffic through the proxy, and run docker-compose or python scripts. These steps grant the proxy visibility into all HTTPS traffic (including secrets) and modify system trust — very high scope. The SKILL.md also references running binaries/files (clawsec-monitor.py, requirements, Dockerfile) that are not present in the package, so following the instructions as-is is impossible and would require obtaining external code.
Install Mechanism
There is no install specification even though the document lists requirements (cryptography>=42.0.0), scripts, and Docker artifacts. The absence of any install or code files combined with instructions that assume on-disk artifacts is inconsistent and risky: a user following the doc would need to fetch code from an unspecified source, which is a high-risk action.
Credentials
The skill declares no required environment variables or credentials, yet the described behavior (MITMing HTTPS, reading all agent traffic) inherently accesses highly sensitive data (API keys, private keys, credentials appearing in HTTP bodies/headers). The SKILL.md instructs installing a CA into system trust and exporting PROCESS-LEVEL CA overrides that affect other processes — a privilege and scope not reflected in the metadata. This is disproportionate and not declared.
Persistence & Privilege
While the skill is not marked 'always:true', its procedures explicitly instruct persistent, system-level changes (installing a CA into the system trust store, a Docker volume to persist the CA, setting global proxy env vars). Those actions give long-lived, system-wide visibility into HTTPS traffic. The skill's metadata does not disclose or request this level of persistence or elevated privilege.
What to consider before installing
Do not install or run anything from this skill as-is. The documentation claims scripts, requirements, and Docker artifacts that are not included in the package — you'd have to fetch code from an unspecified source to proceed, which is high risk. Installing a local CA into your system trust store or routing all traffic through a proxy lets that software see every HTTPS request/response (including API keys, secrets, private keys). If you want this functionality, ask the publisher for: (1) the complete source files and checksums, (2) a verifiable upstream repository or release artifacts (GitHub release, reproducible build), (3) a clear install mechanism and minimal permissions required, and (4) instructions for running in an isolated, disposable environment (VM/container) and for per-process (non-system-wide) trust-only modes. If you cannot verify the code and origin, run nothing that installs a CA or modifies system trust on your host; test only inside an isolated VM or ephemeral container and audit the code first.Like a lobster shell, security has layers — review code before you run it.
latestvk9777w50hhwwrzb0zg5jgh6ken83hq64
License
MIT-0
Free to use, modify, and redistribute. No attribution required.