Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawdbot Security Check

v2.2.2

Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.

by Seth Rose (@thesethrose)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The skill's purpose—read-only security audit of Clawdbot configuration—matches the file- and env-var reads shown in SKILL.md. However, several parts mismatch that purpose: README and SKILL.md include a `--fix` mode and remediation commands (chmod, generating tokens, applying config changes) that would modify system state; skill.json claims readOnly:true and modifiesSettings:false but also lists node scripts (security-check.js) that do not exist in the package. These contradictions are material.
! Instruction Scope
Runtime instructions tell the agent to read many Clawdbot-specific files and environment variables (e.g., ~/.clawdbot/clawdbot.json, credentials files, env | grep CLAWDBOT_GATEWAY_TOKEN), which is appropriate for an audit. But SKILL.md explicitly documents remediation steps and a `clawdbot security audit --fix` command that would change settings and file permissions. The skill also shows shell commands (stat -c, chmod, openssl, env | grep) without declaring required binaries; running these could alter configuration or expose secrets if executed. The guidance is not strictly limited to read-only behavior.
Install Mechanism
This is instruction-only (no install spec, no code files). That is lower-risk because nothing is automatically downloaded or written during install. README suggests manual installation via cloning, which is typical and not inherently risky.
Credentials
The skill does not declare required env vars but explicitly instructs checking Clawdbot-relevant envs (CLAWDBOT_GATEWAY_TOKEN, etc.). Those env vars are relevant to the stated audit purpose. No unrelated credentials are requested. Minor inconsistency: SKILL.md references tools/binaries (openssl, stat, grep) that are not declared in manifest metadata, and some commands (stat -c) are Linux-specific — a portability/detail mismatch rather than an obvious exfiltration concern.
Persistence & Privilege
always:false and user-invocable defaults are preserved. There's no claim to force-enable the skill or modify other skills. The only persistence-related concern is the earlier contradiction: skill.json declares no modifications, yet SKILL.md documents --fix behavior that would change config if executed; this is a functionality mismatch rather than an automatic privilege escalation.
What to consider before installing
This skill is plausible for auditing Clawdbot config, but it contains contradictory claims: it advertises "100% read-only" and sets readOnly:true in skill.json while its README/SKILL.md describe a `--fix` mode and commands (chmod, token generation, config patches) that would modify files/settings. Before installing or running it:
1) Verify you trust the source and inspect SKILL.md yourself;
2) Do not run any `--fix` or remediation commands unless you have backups and understand the changes;
3) If you only want read-only analysis, ensure your platform enforces read-only execution (or run the skill in an environment sandbox with no write permission);
4) Ask the maintainer why skill.json references node scripts that are not included (e.g., security-check.js) and why remediation functionality is documented despite readOnly=true.
If you cannot confirm those details, treat this package as potentially unsafe to grant write access or to run with broad exec permissions.

Like a lobster shell, security has layers — review code before you run it.


Runtime requirements

🔒 Clawdis
OS: macOS · Linux
