ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Devboxes Skill

v1.4.0

Manage development environment containers (devboxes) with web-accessible VSCode, VNC, and app routing via Traefik or Cloudflare Tunnels. Use when the user as...

0· 375·2 current·2 all-time
by@adshrc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to manage devboxes (VSCode, VNC, routing) which matches the included scripts and README, but the registry metadata lists no required env vars/credentials while the SKILL.md and scripts clearly require Docker socket access, optional GitHub PAT, Cloudflare API token/tunnel tokens, and a host path for Traefik. The omission of those required credentials/configs in the metadata is an inconsistency.
!
Instruction Scope
Onboarding must be run on the MAIN agent with exec/gateway and filesystem access; instructions explicitly tell the user/agent to inspect Docker mounts, modify host permissions (chmod 666 on /var/run/docker.sock and suggest chmod 777 on the Traefik host path), write files into host-mounted Traefik paths, and register DNS records via the Cloudflare API. Those actions go beyond small, contained setup steps and grant broad host-level effects.
Install Mechanism
There is no install spec (instruction-only), and the skill relies on pulling a container image from ghcr.io (ghcr.io/adshrc/openclaw-devbox:latest) which is a reasonable approach. No arbitrary binary downloads or URL-shortener installers are present. Still, pulling an external container image is an operational trust decision and should be audited.
!
Credentials
The skill requires sensitive tokens and host access in practice (CF_API_TOKEN, CF_TUNNEL_TOKEN, optional GITHUB_TOKEN, write access to a host-mounted Traefik directory, Docker socket access), but the registry metadata declared none. Requesting Docker socket access and advising chmod 666/777 are disproportionate and increase risk; Cloudflare tokens should be limited-scope but are still sensitive and will be stored in agent config per README.
Persistence & Privilege
The skill is not marked always:true and is user-invocable. However onboarding runs on the main agent and will store Cloudflare/tunnel tokens and other config in the agent config, giving the skill persistent credentials. This is expected for a routing-oriented skill but elevates long-term risk if credentials are broad or not rotated.
What to consider before installing
This skill does roughly what it says (spawn browser/VNC/VSCode containers and expose them via Traefik or Cloudflare), but it asks you to give the agent host-level powers and sensitive credentials. Before installing: 1) Inspect the container image (ghcr.io/adshrc/openclaw-devbox:latest) and the included scripts; only proceed if you trust the publisher. 2) Avoid following the advice to ‘chmod 666 /var/run/docker.sock’ or to make host dirs world-writable; instead add the container user to the docker group or use least-privilege socket access patterns. 3) If using Cloudflare, create a narrowly-scoped API token (only Zone:DNS:Edit and Tunnel:Edit if required) and rotate it after onboarding; confirm the skill will store tokens securely. 4) Prefer mounting a dedicated host directory (not a system path) and review any files written to the Traefik mount. 5) Consider running the onboarding steps manually (pull image, run scripts, verify DNS calls) rather than allowing the agent to run them automatically. 6) Ask the maintainer why required credentials/env vars are missing from the registry metadata and request an explicit listing of required permissions. If you cannot audit the image and scripts, treat this skill as high-risk and avoid granting broad host privileges.

Like a lobster shell, security has layers — review code before you run it.

1.2.1vk976vha1bdh583v7a0zn6rg459819e2a1.3.1vk978m5d05bxpaxw8g0ee9gmvt581bgy21.3.2vk97dwg1f41gtezdqf6zpv6j3pn81cbjg1.4.0vk97e852ka3ny20vhbfs6z9zq2582h9qrlatestvk97e852ka3ny20vhbfs6z9zq2582h9qr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments