Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

EDI MSP Toolkit

Provides IT MSP tools for Azure/M365 audits, NPU monitoring, and firewall, SSH, and system health checks.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 487 · 0 current installs · 0 all-time installs
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The description promises scripts (Azure/M365 audits, NPU monitoring, firewall/SSH healthchecks) but the package contains only SKILL.md and no actual scripts. Claiming specific executable components (msp-dashboard.py, healthcheck, nuc-reset.sh) without shipping them is incoherent.
Instruction Scope
SKILL.md directs the agent to run 'npm install clawhub' and 'clawhub publish /home/cc/.openclaw/workspace/skills/msp-toolkit'. That publish command references a hard-coded local path (the user's home) which would cause the agent to read and transmit local files; the instructions are vague and grant broad discretion to install and publish content.
Install Mechanism
There is no declared install spec in the manifest, but the instructions ask to install an npm package. Installing third-party packages at runtime can execute arbitrary code; the skill provides no provenance or justification for installing 'clawhub'.
Credentials
The skill declares no required env vars yet instructs operations that implicitly access local filesystem paths and potentially a publishing service. Requesting no credentials while telling the agent to publish local content is disproportionate and opaque.
Persistence & Privilege
The skill is not set to always:true and does not request elevated platform privileges. However, the publish step could modify a remote registry or upload local files; that behavioral effect is not reflected in the manifest and is unexpected for a simple instruction-only skill.
What to consider before installing
This skill is inconsistent: it advertises scripts but contains none, and tells the agent to install an npm package and publish a hard-coded local path (/home/cc/...). That could cause the agent to read and upload files from your machine or install and run third-party code. Before installing, ask the publisher for the actual script files and a trustworthy source URL, verify what 'clawhub publish' does and where it sends data, avoid running npm installs from untrusted packages in your environment, and never allow publishing of paths that point into your home directory unless you fully trust the skill author. If you must test, run it in a tightly sandboxed environment with no access to sensitive files or credentials.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0
latest: vk97awa9zhp5pen8m39vbt9m2ed817c95

SKILL.md

MSP Toolkit Skill

description: Essential tools for IT MSP workflows – Azure/M365 audits, NPU monitoring, health checks.

metadata: {"clawdbot":{"emoji":"🔧","os":["linux"]}}

Core Functions

  • msp-dashboard.py: Daily Azure/M365 status.
  • healthcheck: Firewall/SSH/update audits.
  • nuc-reset.sh: NPU reboot script.

Setup

npm install clawhub
clawhub publish /home/cc/.openclaw/workspace/skills/msp-toolkit

Files

1 total