ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Examine Sandbox

v2.0.0

Use this skill when the user wants to check what data their shared agent can access, inspect what's being shared, review privacy, or see what guests will see...

0· 86·0 current·0 all-time
byAwassi@xisen-w

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for xisen-w/examine-sandbox.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Examine Sandbox" (xisen-w/examine-sandbox) from ClawHub.
Skill page: https://clawhub.ai/xisen-w/examine-sandbox
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install examine-sandbox

ClawHub CLI

Package manager switcher

npx clawhub@latest install examine-sandbox
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md clearly targets auditing and managing shared links on aicoo.io and the curl commands reflect that purpose (list links, search notes, patch/revoke links). Requiring an API key for that service is reasonable for the stated capability. However, the registry metadata claims no required env vars or primary credential while the runtime docs explicitly require PULSE_API_KEY — an inconsistency between declared requirements and actual runtime needs.
Instruction Scope
Instructions are specific and constrained to the aicoo.io API endpoints (GET /os/network, POST /os/notes/search, PATCH/DELETE /os/share/{linkId}). They do not instruct reading arbitrary local files or other environment variables. They do include write operations (PATCH, DELETE) which can modify or revoke share links; this is coherent with 'restrict access' actions but is higher privilege and should be used carefully.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so it does not write code to disk or fetch remote packages. That's low installation risk.
!
Credentials
The SKILL.md requires a single env var PULSE_API_KEY (used for Authorization: Bearer) which is proportionate to the API operations described. The concern is that the registry metadata lists no required env vars or primary credential — a metadata omission that could mislead users. Also, the PULSE_API_KEY likely grants listing/modifying/revoking share links (sensitive capabilities); users should ensure the key is least-privilege and scoped appropriately.
Persistence & Privilege
The skill is not always-enabled, has no install-time persistence, and does not request system-wide configuration changes. It runs ephemeral curl commands at runtime. Autonomous invocation is allowed (platform default) but does not by itself increase risk here.
What to consider before installing
This skill appears to do what it says (audit and manage share links on aicoo.io), but note two issues: (1) the runtime docs require PULSE_API_KEY even though the registry metadata lists no required env vars — don't assume the registry metadata is complete; (2) the API key has high privilege (can list and revoke links and change access). Only provide a PULSE_API_KEY that is scoped/minimized for auditing (use a temporary or read-only token if available), verify the aicoo.io endpoint and that you trust the skill author (no homepage, unknown owner), and rotate/revoke the key after use. If you need higher assurance, request the author update the package metadata to explicitly declare PULSE_API_KEY and provide an official homepage or documentation.

Like a lobster shell, security has layers — review code before you run it.

latestvk973hm4d4vvbghxskwr5mv8ya5859yqh
86downloads
0stars
1versions
Updated 6d ago
v2.0.0
MIT-0
Awassi@xisen-w
latest
Download

Examine Sandbox

Inspect exactly what data and capabilities are included in shared links.

Prerequisites

  • PULSE_API_KEY must be set
  • Base URL: https://www.aicoo.io/api/v1

Core Workflow

Step 1: List network state

curl -s -H "Authorization: Bearer $PULSE_API_KEY" \
  "https://www.aicoo.io/api/v1/os/network" | jq .

Review:

  • shareLinks
  • visitors
  • contacts

Step 2: Check context size/scope

curl -s -H "Authorization: Bearer $PULSE_API_KEY" \
  "https://www.aicoo.io/api/v1/os/status" | jq .

Step 3: Search for sensitive content

# financial
curl -s -X POST "https://www.aicoo.io/api/v1/os/notes/search" \
  -H "Authorization: Bearer $PULSE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"query":"revenue pricing confidential"}' | jq .

# credentials/personal info
curl -s -X POST "https://www.aicoo.io/api/v1/os/notes/search" \
  -H "Authorization: Bearer $PULSE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"query":"password API key credentials"}' | jq .

Step 4: Report findings

Summarize:

  1. how many active links and their scopes
  2. notes/calendar permission levels
  3. visitor activity
  4. sensitive hits inside shared scope
  5. risk actions (downgrade/revoke)

Step 5: Restrict access if needed

# narrow scope
curl -s -X PATCH "https://www.aicoo.io/api/v1/os/share/{linkId}" \
  -H "Authorization: Bearer $PULSE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"scope":"folders","folderIds":[5,12]}' | jq .

# downgrade notes access
curl -s -X PATCH "https://www.aicoo.io/api/v1/os/share/{linkId}" \
  -H "Authorization: Bearer $PULSE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"notesAccess":"read"}' | jq .

# revoke
curl -s -X DELETE "https://www.aicoo.io/api/v1/os/share/{linkId}" \
  -H "Authorization: Bearer $PULSE_API_KEY" | jq .

Search Categories

CategoryTermsRisk
Financialrevenue, burn rate, pricing, salarymedium
Credentialspassword, token, key, secretcritical
Personalphone, address, SSN, privatehigh
Legalcontract, NDA, agreementhigh

Comments

Loading comments...