Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Security

Runs a backend-backed live safety check for instructions that may trigger tool execution, external calls, file edits, permission changes, destructive or irre...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 185 · 0 current installs · 0 all-time installs
Security Scan

  • VirusTotal: Suspicious
  • OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the implementation. The code and SKILL.md implement a backend-backed safety check CLI that posts instruction/context/target to a safety API. Required binary (python3) and the mentioned dependency (requests) align with this purpose; there are no unrelated credentials or binaries requested.
Instruction Scope
The runtime instructions explicitly send the instruction text, context, and target to an external backend (default URL: https://safety-cf.modeio.ai/api/cf/safety or overridden via SAFETY_API_URL). This is expected for a backend-backed safety check, but it means anything you pass (including resource identifiers or connection strings) will be transmitted off-host. The SKILL.md notes this behavior and instructs callers to provide context/target for state-changing ops.
Install Mechanism
No install spec is provided (instruction-only install), which is low risk from arbitrary code downloads. However, the package requires the third-party 'requests' library at runtime; the code includes a shim that surfaces a dependency_error if requests is missing. There is no automated step to install requests, so the CLI will fail until requests is present.
Credentials
The skill declares no required environment variables and no credentials; it does accept an optional SAFETY_API_URL override. That is proportionate. Important: callers must avoid embedding secrets in the 'target' or 'context' fields because those values are sent to the remote safety API (examples in the docs include DB-like targets).
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It does not request elevated agent/system privileges, does not modify other skills, and does not persist credentials. Allowing autonomous invocation is the platform default and is not grounds for concern here.
Assessment
This skill is coherent with its stated purpose: it posts instructions + context + a target to a remote safety API and returns the backend's decision. Before installing: (1) confirm you trust the default backend (https://safety-cf.modeio.ai) or set SAFETY_API_URL to a backend you control if you will pass sensitive resource identifiers; (2) don't pass secrets (passwords, full DB connection strings with credentials, private keys) in the --target or --context fields because they will be transmitted; (3) ensure the 'requests' Python package is available in the runtime environment or the CLI will raise a dependency_error; (4) review the default endpoint and code (modeio_guardrail/cli/safety.py) if you want to self-host the safety backend or verify data handling. The skill appears to do what it claims, but consider the privacy implications of sending targets/context to an external service.


Current version: v0.1.1
latest: vk979abs7ekk9r91gqv53258t6s82qdm7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.

Runtime requirements

Bins: python3

SKILL.md

Run backend-backed live safety checks

Use this skill to gate instructions that may trigger tools or state changes behind a backend-backed safety decision before execution.

This skill is for live instruction and operation safety only. For pre-install repository auditing, use skill-audit.

Maintainer-only validation assets are excluded from ClawHub uploads.

Scope

  • Included:
    • live instruction safety checks through scripts/safety.py
    • backend-backed retry/error normalization for pre-execution decisions
  • Not included:
    • pre-install repository auditing (skill-audit)
    • content masking or restoration workflows (privacy-protector)
    • request/response gateway routing (modeio-middleware)

Working directory

Run these commands from inside the security folder.

Requirements

  • Hard requirement: python3
  • Required package for successful live checks: requests
  • Required runtime condition: network reachability to the safety backend
  • Optional override: SAFETY_API_URL

Core commands

python3 scripts/safety.py -i "Delete /tmp/cache/build-123.log" \
  -c '{"environment":"local-dev","operation_intent":"cleanup","scope":"single-resource","data_sensitivity":"internal","rollback":"easy","change_control":"none"}' \
  -t "/tmp/cache/build-123.log" --json

python3 scripts/safety.py -i "DROP TABLE users" \
  -c '{"environment":"production","operation_intent":"destructive","scope":"broad","data_sensitivity":"regulated","rollback":"none","change_control":"ticket:DB-9021"}' \
  -t "postgres://prod/maindb.users" --json

Context contract

Pass --context as JSON with these keys when the instruction may change state:

{
  "environment": "local-dev|ci|staging|production|unknown",
  "operation_intent": "read-only|cleanup|maintenance|migration|permission-change|destructive|unknown",
  "scope": "single-resource|bounded-batch|broad|unknown",
  "data_sensitivity": "public|internal|sensitive|regulated|unknown",
  "rollback": "easy|partial|none|unknown",
  "change_control": "ticket:<id>|approved-manual|none|unknown"
}

--target should be a concrete resource identifier such as an absolute path, table name, service name, or URL.

Runtime notes

  • Success envelope: success, tool, mode, data
  • Error envelope: success, tool, mode, error
  • Error types: validation_error, dependency_error, network_error, api_error
  • For state-changing work, provide both --context and --target so the backend has enough context to judge risk
  • If the check fails with network/API/dependency issues, do not silently proceed
  • The CLI forwards the request and returns the backend result; it does not locally enforce caller policy

Caller policy guidance

approved | risk_level | Agent action
---------|------------|-------------------------------------------------------------
true     | low        | Proceed.
true     | medium     | Proceed and mention the risk.
false    | medium     | Require explicit confirmation before proceeding.
false    | high       | Block by default and require explicit override.
false    | critical   | Block and require explicit acknowledgement before any override.
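The context contract, the runtime envelope notes and the caller policy table above describe three caller-side responsibilities that the CLI itself does not enforce: validating the --context JSON before sending it, building the documented invocation, and turning the backend envelope into an agent action without silently proceeding on errors. The following is an added example of that caller-side gate, written for this page and not code from the skill or the modeio project. It assumes a success envelope's `data` carries `approved` (bool) and `risk_level` (str) as the policy table implies, that an error envelope's `error` is either a string or an object with `type`/`message`, and that (approved, risk_level) pairs the table does not list fall back to requiring confirmation; the sample envelopes at the bottom are constructed, not captured from the backend.

```python
"""Caller-side gate around scripts/safety.py (added example, not the skill's own code).

Validates the --context contract, builds the documented CLI invocation, and maps
the backend envelope to an agent action, failing closed on any error envelope.
"""
import json
import re

# Allowed values per the context contract in SKILL.md.
CONTEXT_CONTRACT = {
    "environment": {"local-dev", "ci", "staging", "production", "unknown"},
    "operation_intent": {"read-only", "cleanup", "maintenance", "migration",
                         "permission-change", "destructive", "unknown"},
    "scope": {"single-resource", "bounded-batch", "broad", "unknown"},
    "data_sensitivity": {"public", "internal", "sensitive", "regulated", "unknown"},
    "rollback": {"easy", "partial", "none", "unknown"},
    # change_control additionally accepts "ticket:<id>" (checked with TICKET_RE).
    "change_control": {"approved-manual", "none", "unknown"},
}
TICKET_RE = re.compile(r"^ticket:[A-Za-z0-9_.-]+$")

# Caller policy table from SKILL.md: (approved, risk_level) -> action.
POLICY = {
    (True, "low"): "proceed",
    (True, "medium"): "proceed_and_mention_risk",
    (False, "medium"): "require_confirmation",
    (False, "high"): "block_require_override",
    (False, "critical"): "block_require_acknowledged_override",
}


def validate_context(context: dict) -> list:
    """Return contract violations (empty list when the context is valid)."""
    problems = []
    for key, allowed in CONTEXT_CONTRACT.items():
        value = context.get(key)
        if value is None:
            problems.append(f"missing key: {key}")
        elif value not in allowed and not (
            key == "change_control" and TICKET_RE.match(str(value))
        ):
            problems.append(f"{key}: unexpected value {value!r}")
    for key in context:
        if key not in CONTEXT_CONTRACT:
            problems.append(f"unknown key: {key}")
    return problems


def build_command(instruction: str, context: dict, target: str) -> list:
    """argv for the documented invocation; run it with subprocess.run(..., capture_output=True)."""
    return ["python3", "scripts/safety.py",
            "-i", instruction,
            "-c", json.dumps(context, separators=(",", ":")),
            "-t", target, "--json"]


def decide(envelope: dict) -> dict:
    """Map a backend envelope to an agent action.

    Error envelopes never yield 'proceed' (SKILL.md: do not silently proceed on
    network/API/dependency failures). The shape of `error` and the fallback for
    unlisted (approved, risk_level) pairs are assumptions of this example.
    """
    if not envelope.get("success"):
        err = envelope.get("error")
        if isinstance(err, dict):
            reason = f"{err.get('type', 'unknown_error')}: {err.get('message', '')}"
        else:
            reason = str(err) if err else "unknown_error"
        return {"action": "halt", "reason": reason}
    data = envelope.get("data") or {}
    key = (bool(data.get("approved")), str(data.get("risk_level", "unknown")))
    return {"action": POLICY.get(key, "require_confirmation"), "risk_level": key[1]}


# Constructed sample envelopes (not captured from the real backend); tool/mode
# values are placeholders.
SAMPLE_ENVELOPES = [
    {"success": True, "tool": "safety", "mode": "live",
     "data": {"approved": True, "risk_level": "low"}},
    {"success": True, "tool": "safety", "mode": "live",
     "data": {"approved": False, "risk_level": "critical"}},
    {"success": False, "tool": "safety", "mode": "live",
     "error": {"type": "network_error", "message": "backend unreachable"}},
]

if __name__ == "__main__":
    ctx = {"environment": "local-dev", "operation_intent": "cleanup",
           "scope": "single-resource", "data_sensitivity": "internal",
           "rollback": "easy", "change_control": "none"}
    print("context problems:", validate_context(ctx))
    print("argv:", build_command("Delete /tmp/cache/build-123.log", ctx,
                                 "/tmp/cache/build-123.log"))
    for env in SAMPLE_ENVELOPES:
        print(decide(env))
```

The important design choice is in `decide`: every non-success envelope, whatever its error type, maps to `halt`, so a dependency_error (missing `requests`) or a network_error is handled the same way as an explicit block rather than being mistaken for approval.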

Resources

  • scripts/safety.py — live safety check entry point
  • ARCHITECTURE.md — command-safety package boundaries

When not to use

  • Pre-install or repository-level inspection that should happen before any execution attempt
  • Pure planning, summarization, or clearly read-only analysis with no tool call or state-change path
  • Data transformation tasks that need to rewrite or mask content rather than score runtime safety
  • Local routing or middleware scenarios where you need to sit in front of upstream model traffic

Files: 7 total
