Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Canvas
v1.0.0Display and control HTML content on connected Mac, iOS, or Android nodes via a web-based canvas with live reload and remote actions.
⭐ 1 · 2.7k · 685 current · 697 all-time
by @lura2
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
Medium confidence
Purpose & Capability
The SKILL.md describes a web-hosting + remote-control canvas for connected nodes, which matches the skill name and description. However the instructions assume the presence of tools/daemons (openclaw CLI, tailscale, jq, curl, lsof) and Node-like components (chokidar, WebSocket injection) even though no required binaries or dependencies are declared—this mismatch suggests missing metadata.
Instruction Scope
Instructions are scoped to hosting static HTML, live-reload, and controlling nodes (present/hide/navigate/snapshot). They explicitly tell the agent/operator to read ~/.openclaw/openclaw.json and to use tailscale status and openclaw nodes list. The 'eval' action permits executing arbitrary JavaScript inside the remote WebView — this is coherent with the described control capability but is a high-impact operation that the SKILL.md does not describe safeguards for.
Install Mechanism
This is instruction-only (no install spec). The document references chokidar (file watcher), WebSocket injection, and a host server, implying Node packages and runtime components — but there are no install steps, no declared packages, and no instructions on how the host server is provided. That omission increases risk because users won't know what code would be installed or run to provide the described features.
Credentials
The skill declares no required environment variables or credentials, which is consistent with being a local host tool. It does reference Tailscale hostnames and binding modes (loopback/lan/tailnet) but doesn't request Tailscale credentials; this is plausible but should be documented. The major proportionality concern is capability rather than requested secrets: the 'eval' action can execute arbitrary JS on connected nodes and live-reload watches the local filesystem, both of which can be abused if misconfigured.
Persistence & Privilege
always:false and no install spec mean the skill does not request forced persistence or elevated platform privileges. The SKILL.md asks operators to update ~/.openclaw/openclaw.json to enable/configure the canvas host, which is a normal local configuration action and confined to the skill's scope.
What to consider before installing
What to consider before installing/using this skill:
- Missing install/dependency information: The SKILL.md references Node components (chokidar, WebSocket injection) and CLI tools (openclaw, tailscale, jq, curl, lsof) but does not declare or provide installation steps. Ask the author for a clear install spec and list of required binaries and packages.
- Remote code execution risk: The 'eval' action runs arbitrary JavaScript inside connected devices' WebViews. Only use this on fully trusted nodes and personnel. Confirm whether there are any access controls, auth, or allowlists for eval and remote actions.
- Network exposure: Binding to LAN or Tailscale exposes the HTTP server to other hosts. Prefer 'loopback' during development, and secure production hosts (firewalls, TLS, authentication) if you must use lan/tailnet.
- Live-reload and file watching: The host watches a local directory and injects a WebSocket client into HTML. Ensure only trusted HTML/JS files are placed in the canvas root to avoid serving/executing untrusted code on nodes.
- Configuration review: Before enabling, inspect ~/.openclaw/openclaw.json and file/directory permissions. If you must run any server binaries, review their source and installation artifacts.
- When in doubt: request from the skill author (or registry owner) a) an install spec, b) a list of runtime dependencies and versions, c) documentation of security controls around eval/navigation, and d) whether the canvas host supports auth/TLS or an allowlist for node connections.
