ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Env Tool

v1.0.0

Display, set, and manage environment variables in shell sessions. Use when inspecting or modifying the runtime environment.

0· 27·0 current·0 all-time
byBIN@dinghaibin

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for dinghaibin/env-tool.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Env Tool" (dinghaibin/env-tool) from ClawHub.
Skill page: https://clawhub.ai/dinghaibin/env-tool
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install env-tool

ClawHub CLI

Package manager switcher

npx clawhub@latest install env-tool
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The name/description say "Display, set, and manage" environment variables and the SKILL.md describes running commands with modified environments, but the included script (scripts/env.py) only reads and prints environment variables or a single variable's value. The advertised ability to set variables or run commands with a modified environment is not implemented.
!
Instruction Scope
Runtime instructions and examples focus on listing and querying variables (which matches the script) but also mention temporary assignments and running commands with modified environments — actions not supported by the code. The script will print all environment variables (including secrets) if run, so using it can expose sensitive information; that behavior is consistent with 'inspect' but the SKILL.md overclaims capabilities.
Install Mechanism
There is no install spec (instruction-only), but a code file is included. Without an install step the agent/platform must be able to execute scripts from the skill bundle; this is common but you should confirm how/where the script will be executed. No external downloads or third-party packages are used.
!
Credentials
The skill declares no required credentials (ok) but the tool inherently reads and prints the entire process environment. That can reveal secrets (API keys, tokens) from the host environment. Requesting no env vars is coherent, but the ability to enumerate all environment variables is powerful — users should assume it can exfiltrate anything in env if output is transmitted elsewhere.
Persistence & Privilege
The skill does not request persistent presence (always:false) and does not modify other skills or system-wide settings. It does not request elevated privileges in the manifest.
What to consider before installing
This skill is coherent for inspecting environment variables but its README/description overpromise: the included script only prints a variable or lists all env vars — it does not set variables or run commands with modified environments. Before installing, consider: (1) Do not grant this to agents that run autonomously against environments containing secrets, because the script will reveal all environment variables. (2) Confirm how the platform executes the bundled script (no install step provided). (3) If you need a tool that sets variables or runs commands with modified env, update or replace the script — do not assume that functionality exists. (4) Review and test the script in an isolated environment first; restrict its use to interactive, user-invoked sessions if you want to avoid accidental secret exposure.

Like a lobster shell, security has layers — review code before you run it.

latestvk971vy03mf8bkxpbxgc818rs0x85qqz8
27downloads
0stars
1versions
Updated 6h ago
v1.0.0
MIT-0
BIN@dinghaibin
latest
Download

Environment Variable Manager

View and control environment variables available to shell processes. Supports listing all variables, querying specific values, and temporary variable assignment.

Usage

env-tool [options]

Common Operations

  • List all environment variables with values
  • Show value of a specific variable (e.g. PATH, HOME, USER)
  • Check if a variable is set without showing its value
  • Run a command with modified environment

Examples

# List all environment variables
env-tool

# Show a specific variable
env-tool | grep PATH

# Check variable exists
env-tool | grep ^HOME=

Comments

Loading comments...