Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
openclaw-plus
v1.0.0A modular super-skill combining developer and web capabilities. Use when the user needs Python execution, package management, git operations, URL fetching, o...
⭐ 2· 632·0 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (developer + web capabilities) align with the included documentation and implementation. The skill implements run_python, install_package, git_status, git_commit, fetch_url, and call_api as advertised. There are no unrelated required env vars or unexpected capabilities declared.
Instruction Scope
SKILL.md and the implementation permit arbitrary Python execution, pip/apt package installation, writing files, running git commands, and making network requests. Those actions are consistent with the stated purpose, but they grant broad filesystem, process, and network access (creating files, modifying repos, installing system packages, contacting arbitrary URLs). The instructions do not attempt to read unrelated secrets or special system config paths, but they do allow creating/committing files and running arbitrary code supplied at runtime.
Install Mechanism
There is no install spec (instruction-only skill) and all code is bundled in the package. No external download/install-from-URL steps are present. The reference implementation runs local subprocesses (pip, apt, git) but does not fetch or execute remote installers as part of an install script.
Credentials
The skill does not request environment variables or credentials in manifest metadata. The implementation supports passing auth tokens/headers to API calls but does not automatically read or require env secrets. That said, the skill instructs use of sudo apt-get (system package installs) and pip with --break-system-packages, which are high-impact operations for the host system — this is proportionate to the advertised 'install system packages' capability but is powerful and potentially disruptive.
Persistence & Privilege
always is false and the skill does not request persistent system-wide configuration changes. It can run autonomously (disable-model-invocation is false) which is the platform default; combined with the skill's broad capabilities this increases operational risk if you allow autonomous runs, but autonomous invocation alone is expected for skills.
Assessment
This skill is internally consistent with its advertised purpose: it runs Python, installs packages (pip/apt), manipulates git repos, and makes network requests. Those are exactly the powerful operations you should expect. Before enabling or allowing autonomous use, consider: 1) Run it in a sandbox or throwaway environment if you plan to allow package installs or arbitrary code execution; 2) Be careful about committing files to git — review content for secrets before committing; 3) System package installs require sudo and can change the host; avoid on sensitive machines; 4) Don’t supply sensitive credentials unless necessary and only pass them directly to the call_api call (the skill does not automatically read env secrets); 5) If you plan to allow autonomous invocation, restrict scope or monitor runs because the skill can modify disk, install packages, and call external URLs. If you want a safer posture, enable the skill only for user-invoked sessions and review the implementation.py source before use.Like a lobster shell, security has layers — review code before you run it.
latestvk97cp9est7esws3pyv911skfg1819t68
License
MIT-0
Free to use, modify, and redistribute. No attribution required.