Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Fletcher Cyber Security Engineer

v0.1.2

Manage and enforce least-privilege execution, approval-based elevation, port and egress monitoring, and ISO 27001/NIST compliance reporting for OpenClaw secu...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (privilege governance, port/egress monitoring, ISO/NIST reporting) matches the included scripts (port_monitor, egress_monitor, guarded_privileged_exec, audit_logger, dashboard, etc.). However, the SKILL metadata declares no required binaries while scripts call system utilities (lsof/ss/netstat); likewise SKILL files and agents/openai.yaml reference OPENCLAW_* environment flags and policy files under ~/.openclaw, but the registry lists no required env vars. These are plausible design choices but the mismatch between declared requirements and actual code is noteworthy.
[!] Instruction Scope
SKILL.md instructs the agent to use bundled scripts and to enforce approval-first elevation and to write logs to ~/.openclaw/security/privileged-audit.jsonl — that is consistent. But the SKILL.md and agent prompt reference environment variables (OPENCLAW_UNTRUSTED_SOURCE, OPENCLAW_REQUIRE_SESSION_ID and generic OPENCLAW_*), and the code reads/writes files in the user's home (~/.openclaw) and may install runtime hooks. The skill directs the agent to run system commands (lsof/ss/netstat) and to potentially alter runtime behavior via an 'install-openclaw-runtime-hook.sh' script. The instructions do not declare or limit when the installer should run; any automatic or poorly gated invocation of the installer would be high-impact. The guidance to never elevate without explicit approval is present in SKILL.md, but you should verify how/when the install scripts are executed in practice.
Install Mechanism
There is no formal install spec in the registry (no package downloads). All code is bundled in the skill. That lowers supply-chain risk compared to external downloads. However, the package includes a script named install-openclaw-runtime-hook.sh which (when run) will likely alter runtime configuration. Because there is no declared install step, it's unclear whether that script is run automatically by the platform or left to a manual operator — clarify that before proceeding.
[!] Credentials
The skill does not request secrets or credentials, which is appropriate. But SKILL.md and agents/openai.yaml reference OPENCLAW_* environment variables (OPENCLAW_UNTRUSTED_SOURCE, OPENCLAW_REQUIRE_SESSION_ID and others) and rely on policy/config files under ~/.openclaw/security. Those env vars are not declared in requires.env; the mismatch is a governance/visibility issue. The code also expects system utilities (lsof/ss/netstat) but the registry lists no required binaries. While no credentials are requested, the skill will read and write files in the user's home directory and may inspect active network connections — this is proportional to the stated purpose but you should be aware and accept those file/host-level accesses explicitly.
Persistence & Privilege
The skill does not set always: true and does not declare autonomous-only privileges beyond normal agent invocation. That is good. However, it includes an install script which appears intended to install a runtime privileged-execution hook. Installing such a hook would increase the skill's persistence/impact by changing runtime behavior for future commands. The SKILL.md emphasizes requiring explicit user approval for elevation, but you should confirm whether the hook-install action itself requires explicit manual approval and whether it modifies global agent/runtime configuration or just the skill's own config files.
What to consider before installing
This skill appears to implement the privilege governance features it claims (audit logging, guarded privileged exec, port/egress monitors, compliance reporting). Before installing or running it, check three things:
(1) Confirm whether the included install script (install-openclaw-runtime-hook.sh) will be executed automatically by the platform or only when you explicitly run it. Installing a runtime hook can change global agent behavior and should be run only with full understanding and approval.
(2) Verify the platform will provide the expected system tools (lsof/ss/netstat) or that you are comfortable granting the skill the ability to call them, since the registry does not declare required binaries.
(3) Accept that the skill reads and writes files under ~/.openclaw and honors environment flags like OPENCLAW_UNTRUSTED_SOURCE and OPENCLAW_REQUIRE_SESSION_ID. These env vars are referenced but not declared in the registry, so set/inspect them explicitly.
If you need higher assurance, review the full contents of install-openclaw-runtime-hook.sh and root_session_guard/guarded_privileged_exec.py to ensure they do not modify other skills' configs or attempt network callbacks. If any of those checks fail or are unclear, treat the package cautiously or run it in an isolated environment first.

Like a lobster shell, security has layers — review code before you run it.

Tags: compliance, iso27001, latest, nist, security
