ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ClawHub Quarantine Installer

v1.0.3

Instala e audita skills do ClawHub em um ambiente de quarentena isolado para análise de segurança, permitindo revisar riscos antes de promover para produção....

0· 572·0 current·0 all-time
by@alessandropcostabr
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the implementation: scripts create a quarantine directory, call 'npx clawhub install --force' to install the target skill into that directory, and run a ripgrep-based audit. Required tools listed in SKILL.md (Node/npm/npx, clawhub CLI, ripgrep) are appropriate and proportional to the stated purpose.
Instruction Scope
The runtime instructions and scripts stay within scope: they install into $HOME/.openclaw/clawhub-quarantine/skills, then scan files with ripgrep and produce a report. However, the install step uses 'npx' to fetch and install remote packages; npm install lifecycle scripts can execute arbitrary code during installation. The skill does warn users to run it in an isolated VM/container, but the scripts themselves do not enforce isolation.
Install Mechanism
There is no platform install spec; the scripts rely on 'npx clawhub' to pull code from the registry. This is expected for an installer/auditor, but fetching and running remote code (via npx/npm) is intrinsically higher risk than purely local operations. The scripts do not download from obscure URLs or shorteners; they use the standard npm/npx flow, which is traceable but executes lifecycle scripts.
Credentials
The skill requests no environment variables, credentials, or unusual config paths. The audit script looks for code patterns that access environment variables (via ripgrep) but does not itself read secrets. The lack of requested credentials is appropriate for the stated purpose.
Persistence & Privilege
The skill does not request permanent/always-on presence and does not modify other skills or global agent configuration. It writes to a user-owned path in $HOME for quarantine and reports, which is consistent with its function.
Assessment
This skill is coherent with its purpose but it performs npm/npx installs of third-party code, which can run arbitrary install-time scripts. Only run this in a properly isolated environment (ephemeral VM or container). Do not mount secrets, credentials, or host file systems into the sandbox. Run as an unprivileged user, restrict network egress if possible, and capture/log network and filesystem activity during the installation. Treat the ripgrep audit as a first-pass heuristic — follow up with manual code review of the downloaded SKILL.md and source. If you prefer safer inspection, consider downloading the package tarball (or using 'npm pack' or an authenticated registry mirror) and inspecting contents before invoking any install or lifecycle scripts.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b9w44hqpck305z4zkeg832x81j5h5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments