Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AI Skill Maintainer
v1.1.0 AI company Skill maintenance workflow (CTO version governance + CISO security operations standard edition). Triggered when an already published Skill needs a version update, bug fix, feature enhancement, dependency upgrade, security patch, or deprecation management. Trigger keywords: update skill, update Skill, fix Skill bug, enhance Skill, upgrade dependencies, apply security pat...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
Name, description, and SKILL.md consistently describe a Skill maintenance workflow (diagnose, patch, security-patch, deprecate, emergency-isolate, dependency-audit). The operations described are coherent with a maintainer/CTO+CISO role.
Instruction Scope
SKILL.md defines actions that read/write/modify other skills (patch, emergency-isolate, deprecate) and requires isolated sessions and role-based callers (CISO-001/CTO-001). However the registry metadata declares no required config paths, no required binaries, and no credentials — a mismatch: the instructions assume platform-level access and authorization enforcement that the declared requirements do not enumerate.
Install Mechanism
Instruction-only skill with no install spec and no code files to write to disk. Low install risk (nothing will be downloaded or executed by the skill package itself).
Credentials
The skill declares no environment variables or credentials (reasonable for an instruction-only spec). But the runtime model relies on high-authority caller identities (CISO-001/CTO-001) and an authorization string field. The platform must enforce and map those caller IDs/authorizations to real principals; the skill itself does not request or document how those secrets/credentials are supplied.
Persistence & Privilege
always:false and autonomous invocation allowed (normal). The skill's capabilities include modifying other skills and performing emergency isolation — legitimate for a maintainer but high-impact. Because the registry metadata does not declare the needed config paths or explicit privileges (L3 read/write to skills), platform-level privilege and audit controls must be confirmed before enabling autonomous invocation.
What to consider before installing
This instruction-only skill appears to be a legitimate maintenance workflow, but it assumes the agent platform will grant it significant authority (read/write access to other skills, emergency isolation, and role-based authorization). Before installing or allowing autonomous invocation, verify the following with your platform admin:
- Ensure the platform enforces caller identity and authorization (CISO-001/CTO-001) and that those IDs map to real human roles with appropriate controls.
- Confirm isolated sessions are enforced and that the skill cannot bypass isolation to access unrelated data or system paths.
- Explicitly map and limit the filesystem/config paths the skill may read/write (declare these in policy); the skill's metadata currently lists none.
- Require audit logging and human review/approval for high-impact tasks (security-patch, emergency-isolate, patch that changes code) or at minimum a manual approval step for P0/P1/emergency operations.
- Because there is no code to review, review your platform integration (how sessions_send/sessions_spawn are implemented) to ensure the skill cannot be used to execute arbitrary changes outside its intended scope.
If you cannot confirm these controls, treat the skill as potentially dangerous and limit its privileges or require manual invocation only.
Tags: automation, latest, mlops
Runtime requirements
Runtime: Clawdis
OS: Linux · macOS · Windows
