Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AgentBox
v1.0.0
AgentBox VM operating instructions: services, config, x402 payments, skill updates, troubleshooting. Load this at the start of every session.
by Misha Kolesnik @tenequm
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match the SKILL.md content: this is an AgentBox VM operations guide (services, config paths, payments, troubleshooting). However the manifest does not declare the many local config paths and a Solana wallet that the instructions reference, which is an omission that reduces transparency.
Instruction Scope
The runtime instructions reference system-level commands (sudo systemctl restart caddy/ttyd), explicit filesystem paths under ~/.openclaw (config, logs, skills), and a Solana wallet file. They describe an x402 plugin that transparently signs USDC payments on 402 responses. Those are operational actions with sensitive side effects (automatic signing of on-chain payments) and go beyond a simple informational readme.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing will be written to disk by the skill package itself. This is the lowest-risk install mechanism from the registry side.
Credentials
The SKILL.md references a local Solana wallet at ~/.openclaw/agentbox/wallet-sol.json and requires that it hold USDC for automatic payments, but the skill declares no required config paths or credentials. The skill therefore implies access to a sensitive private key without declaring it in the manifest; that mismatch is a red flag.
Persistence & Privilege
always:true is set so this skill is force-loaded at session start. That could be reasonable for a VM runbook, but combined with references to a local wallet and automatic payment behavior it materially increases the blast radius if the agent is ever allowed to act autonomously.
What to consider before installing
Before installing: (1) confirm why always:true is required — consider running it manually instead of forcing it at every session; (2) verify where the Solana wallet private key is stored and whether the agent or any skills will be allowed to read it; if automatic on-demand payments are enabled, restrict wallet funds (use a small balance) or require explicit user approval; (3) ask the publisher to declare required config paths/credentials in the registry metadata (the SKILL.md references many paths but the manifest lists none); (4) restrict or audit any actions that run sudo/systemctl from the agent; (5) if you must use this in production, run it in an isolated VM with limited funds and full backups and review gateway/x402 plugin source before trusting automated payments.
Like a lobster shell, security has layers — review code before you run it.
