Skill flagged: suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Security Check

🔒 Pre-installation security verification for external code and dependencies. Automated risk analysis for GitHub repos, npm packages, PyPI libraries, and she...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 150 · 0 current installs · 0 all-time installs
by nullweave@gawezepobi09-debug
MIT-0
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
ℹ Purpose & Capability
The name/description and SKILL.md consistently describe a pre-install security scanner for GitHub, PyPI, npm, and direct URLs; the listed integration endpoints (GitHub API, PyPI JSON, npm registry, OSV, GitHub Advisory) are appropriate and expected for that purpose. One minor mismatch: the skill references Snyk (which requires an API token for full API access) but the registry metadata declares no required credentials or primaryEnv; this is plausible (the skill can rely on OSV/GitHub/unauthed endpoints), but it is an unexplained omission that should be clarified.
ℹ Instruction Scope
SKILL.md stays within the stated scope: detect install commands (git clone / pip install / npm install / curl | bash), fetch metadata from registries and advisories, compute a risk score, and ask for confirmation. It does instruct auto-proceed for 'Safe' results (auto-install), which is coherent with the feature but increases operational risk because it implies the skill will execute install commands on the user's behalf. The instructions do not ask the agent to read unrelated system files or exfiltrate environment variables.
✓ Install Mechanism
This is an instruction-only skill with no install spec and no code files to run on install, which is the lowest-risk install mechanism. No external archives, custom binaries, or obscure download URLs are present.
! Credentials
The skill references external services (Snyk, possibly GitHub Advisory API with higher rate limits) that commonly require API tokens, but the skill metadata declares no required environment variables or primary credential. This is a proportionality gap: if the implementation uses Snyk/GitHub authenticated endpoints it will require tokens, but those aren't declared. Also, auto-proceeding with installs means the skill may execute commands that could access local resources; users should confirm whether the skill will run commands only after local confirmation and whether it will store or require any tokens.
✓ Persistence & Privilege
The skill does not request permanent inclusion (always: false), and does not declare changes to other skills or system-wide settings. Autonomous invocation is allowed (default) but that is expected for skills that monitor commands; combined with the auto-proceed behavior this increases the impact if misconfigured, but there is no explicit excessive privilege requested in the metadata.
Scan Findings in Context
[base64-block] unexpected: The scanner flagged a base64-block pattern. The repository README contains a base64-encoded SVG badge (data:image/svg+xml;base64,...), which explains the finding and is likely benign. However base64 blocks can be used for obfuscated payloads or prompt-injection payloads; because the scanner reported this against SKILL.md content, double-check that no embedded/base64 content contains executable instructions or hidden payloads.
What to consider before installing
What to check before installing:

1) Clarify credentials: ask the author whether SNYK and/or a GitHub token are required, and if so where/how tokens are expected to be provided. The skill references Snyk and authenticated advisory endpoints but declares no required env vars; this should be explicit.
2) Confirm auto-install behavior: the skill's docs say 'auto-proceed' for items scored Safe. If you want manual control, verify configuration to disable auto-install, or require explicit confirmations for all installs.
3) Rate limits & failover: understand how the skill handles API rate limits and outages (the SKILL.md mentions caching and rate limiting as best practices but does not declare defaults). Without auth tokens GitHub rate limits are low and could cause failures.
4) Inspect files for obfuscated content: the scanner flagged a base64 block (from an SVG badge). Review all repository files for any other embedded/encoded content (base64, long data blocks) to ensure nothing hidden is executing or being used to inject prompts.
5) Test in a safe environment: run the skill in an isolated VM or sandbox and observe logs/behavior before letting it auto-install packages on your primary system.
6) Ask for an implementation or code: this skill is instruction-only in the package you provided. If the platform will run agent code based on these instructions, request the actual implementation code (how it executes checks and installs) so you can audit exact commands the agent will run.

If you want, I can draft specific questions to ask the skill author (about tokens, auto-proceed defaults, logging, and sandboxing) or produce a short checklist to validate the implementation before trusting automatic installs.

Like a lobster shell, security has layers: review code before you run it.

Current version: v1.0.1

Tags: audit, dependencies, github, latest, npm, pypi, safety, security, snyk, vulnerability

License

MIT-0
Free to use, modify, and redistribute. No attribution required.

SKILL.md

Security Check

Pre-installation security verification for external code and dependencies.

Core Principle

Always verify before you download. External code (GitHub repos, npm packages, PyPI libraries, scripts) can contain malicious code, vulnerabilities, or supply chain attacks. This skill automates security checks before executing potentially dangerous commands.

When to Use

Automatically trigger security check before:

  • git clone <url> - GitHub/GitLab repositories
  • pip install <package> - Python packages
  • npm install <package> - Node packages
  • curl <url> | bash - Shell scripts
  • Downloading any external code for execution

How It Works

1. Detect Source Type

Identify what's being installed:

  • GitHub URL → Repository check
  • PyPI package name → Package check
  • npm package name → Package check
  • Direct URL → Script/file check

2. Gather Security Metrics

Based on source type, collect:

For GitHub repos:

  • Stars, forks, watchers
  • Last commit date
  • Open issues (especially security labels)
  • Contributors count
  • License type
  • Code of Conduct presence

For PyPI packages:

  • Downloads per month
  • Release frequency
  • Maintainer info
  • Known CVEs (via safety DB)
  • Dependencies count

For npm packages:

  • Weekly downloads
  • Dependencies count (fewer is better)
  • Link to source code
  • License
  • Known vulnerabilities (Snyk)

3. Calculate Risk Score

Use threshold-based scoring (inspired by Skantek):

Risk Score = 0

# Positive signals (reduce risk):
- High stars/downloads: -10
- Recent activity (< 30 days): -5
- Well-known maintainer: -5
- Clear license: -3
- Few dependencies: -5

# Negative signals (increase risk):
- No activity (> 1 year): +15
- No license: +10
- Many dependencies: +5 per 10 deps
- Known CVEs: +20 per CVE
- Suspicious patterns: +25

Risk Levels:

  • Score < 0 → ✅ Safe (proceed automatically)
  • 0 <= Score < 15 → ⚠️ Review (show summary, ask confirmation)
  • Score >= 15 → ❌ Dangerous (strong warning, manual approval required)
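A runnable sketch of steps 1 and 3 above (install-command detection and the threshold scoring), added here as an illustration and not code from the skill or from ClawHub; the regexes, the `FEW_DEPS` cut-off of 5 and the `Metrics` field names are assumptions, since SKILL.md does not define them:

```python
import re
from dataclasses import dataclass
from typing import Optional
FEW_DEPS = 5  # assumed cut-off for "few dependencies"; SKILL.md does not define one

# Install commands the skill intercepts, mapped to the source type it must check
# (regexes constructed for this example, not taken from the skill).
_INSTALL_PATTERNS = [
    (r"^git\s+clone\s+(\S+)", "github"),
    (r"^pip3?\s+install\s+(\S+)", "pypi"),
    (r"^npm\s+(?:install|i)\s+(\S+)", "npm"),
    (r"^curl\s+.*?(https?://\S+).*\|\s*(?:ba)?sh\b", "script"),
]

def detect_source(command: str):
    """Return (source_type, target) for an install command, or None otherwise."""
    for pattern, kind in _INSTALL_PATTERNS:
        m = re.match(pattern, command.strip())
        if m:
            return kind, m.group(1)
    return None

@dataclass
class Metrics:  # signals from the registry or API; None means not available
    popular: bool = False                      # high stars or downloads
    days_since_activity: Optional[int] = None
    known_maintainer: bool = False
    license: Optional[str] = None
    dependencies: Optional[int] = None
    cves: int = 0
    suspicious_patterns: bool = False

def risk_score(m: Metrics) -> int:
    """Apply the SKILL.md weights; unknown signals contribute nothing."""
    days, deps = m.days_since_activity, m.dependencies
    adjustments = [
        (m.popular, -10),                                   # high stars/downloads
        (days is not None and days < 30, -5),               # recent activity
        (m.known_maintainer, -5),
        (m.license is not None, -3),                        # clear license
        (deps is not None and deps <= FEW_DEPS, -5),        # few dependencies
        (days is not None and days > 365, 15),              # no activity > 1 year
        (m.license is None, 10),                            # no license
        (deps is not None and deps > FEW_DEPS, 5 * ((deps or 0) // 10)),  # +5 per 10 deps
        (True, 20 * m.cves),                                # +20 per known CVE
        (m.suspicious_patterns, 25),
    ]
    return sum(delta for hit, delta in adjustments if hit)

def risk_level(score: int) -> str:  # only Safe may proceed without a confirmation
    return "Safe" if score < 0 else "Review" if score < 15 else "Dangerous"
```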

4. Show Summary

Present findings:

🔒 Security Check: <package/repo>

Risk Level: ⚠️ REVIEW

Metrics:
  ✅ Stars: 15.2k | Forks: 3.1k
  ⚠️  Last commit: 8 months ago
  ✅ License: MIT
  ⚠️  Open security issues: 2
  ✅ Dependencies: 5

Known Issues:
  - CVE-2024-12345 (Medium severity, patched in v1.2.3)

Recommendation: Update to v1.2.3+ before installing.

Proceed? [Y/n]

5. Request Confirmation

Based on risk level:

  • ✅ Safe → Inform user, proceed automatically (unless user explicitly wants review)
  • ⚠️ Review → Show summary, ask confirmation
  • ❌ Dangerous → Strong warning, require explicit approval

Implementation Pattern

# Before: git clone https://github.com/user/repo
# After:
1. Detect: GitHub repo
2. Fetch metrics via GitHub API
3. Calculate risk score
4. Show summary
5. Ask confirmation if needed
6. Proceed or abort

Integration Points

GitHub API

curl -s "https://api.github.com/repos/{owner}/{repo}"

Returns: stars, forks, updated_at, open_issues_count, license

PyPI JSON API

curl -s "https://pypi.org/pypi/{package}/json"

Returns: downloads, releases, maintainers

npm Registry

curl -s "https://registry.npmjs.org/{package}"

Returns: downloads (via npm-stat), dependencies, license

Vulnerability Databases

Best Practices from Research

Based on Adyen's Skantek and GitHub's Dependabot:

  1. Use fewer dependencies - Each dependency multiplies risk
  2. Regular rescanning - Zero-day exploits need monitoring
  3. Private registry - For approved packages (optional)
  4. Threshold-based - Not binary safe/unsafe, but risk spectrum
  5. Compatibility scores - Check if update breaks CI tests

Guardrails

  • Never bypass without user knowledge - Always inform about security checks
  • Never auto-install flagged packages - Require manual approval for high-risk
  • Log all decisions - Track what was installed and why
  • Rate limit API calls - GitHub/npm/PyPI have rate limits

Example Workflows

Example 1: Safe Package

User: pip install requests

Security Check:
✅ SAFE: requests (PyPI)
  - Downloads: 50M/month
  - Last release: 2 weeks ago
  - License: Apache 2.0
  - Dependencies: 5
  - Known CVEs: 0

Proceeding with installation...

Example 2: Risky Repo

User: git clone https://github.com/suspicious/tool

Security Check:
❌ DANGEROUS: suspicious/tool
  - Stars: 12
  - Last commit: 3 years ago
  - Open issues: 45 (3 security labels)
  - No license
  - Risk score: 35

⚠️  This repository shows multiple red flags.
   Consider alternatives or manual code review.

Proceed anyway? [y/N]

Example 3: Update Needed

User: npm install left-pad

Security Check:
⚠️  REVIEW: left-pad@1.0.0
  - Downloads: 2M/week
  - CVE-2024-xxxxx: Prototype pollution (High)
  - Fixed in: v1.0.1

Recommendation: Install v1.0.1 instead.

Use latest version? [Y/n]

Future Enhancements

When skill matures:

  1. Local cache - Cache risk scores for 24h to reduce API calls
  2. Pattern detection - Scan code for suspicious patterns (eval, exec, shell commands)
  3. CI/CD integration - Block deployments with vulnerable dependencies
  4. Custom rules - User-defined thresholds and blocklists
  5. Reports - Generate security audit logs

References

For detailed implementation guidance:

  • See references/skantek-approach.md - Adyen's methodology
  • See references/vulnerability-databases.md - How to query CVE databases
