ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Configure Tools

v1.0.0

Configure OpenClaw tool policies, exec security, and per-agent tool restrictions. Use when asked to set up tool access for an agent, restrict tools, configur...

0· 145·1 current·1 all-time
byKarl Varga@kjvarga
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the instructions: the SKILL.md describes configuring tool policies, exec security, profiles, and using the gateway to apply patches. The required capabilities (editing openclaw.json or calling gateway) are consistent with the stated purpose.
!
Instruction Scope
The instructions explicitly reference editing ~/.openclaw/openclaw.json and using the gateway tool (config.patch). The skill metadata did not declare that it would touch or require that config path. Editing global per-agent or global tool policies is high-impact and the SKILL.md gives no guidance about authorization checks or safeguards beyond a checklist.
Install Mechanism
Instruction-only skill with no install spec and no code files — no additional software is downloaded or executed by the skill itself.
Credentials
No environment variables, credentials, or external services are requested. However, the runtime assumes the agent has access to the gateway tool and the filesystem path for ~/.openclaw/openclaw.json; those implicit privileges are not declared in metadata.
!
Persistence & Privilege
The skill's recommended actions modify persistent configuration (global or per-agent openclaw.json) and can change tool access for multiple agents. This is coherent with its purpose but is a privileged action; the SKILL.md does not require or describe explicit authorization or audit steps prior to applying changes.
What to consider before installing
This skill is coherent: it tells an agent how to configure tool and exec policies and how to apply them via the gateway or by editing ~/.openclaw/openclaw.json. Before installing or running it, verify: (1) who/what has permission to call the gateway tool (it can make global changes); (2) back up ~/.openclaw/openclaw.json and test changes on a non-production agent first; (3) restrict invocation to authorized users/agents (the skill can affect many agents); (4) confirm that any gateway-issued config.patch will be audited and reversible; and (5) consider asking the skill author to declare the config path and required privileges in the metadata so you can review them automatically. If you cannot limit who can invoke the gateway or cannot audit changes, treat this skill with caution.

Like a lobster shell, security has layers — review code before you run it.

latestvk971thfpwdbdxrxhwq0t80spv1837j8a

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments