Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Fortigate Configuration Skill
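v1.0.0
Automatically configures FortiGate firewalls, supporting basic policy management and secure configuration of industrial control protocols (Modbus, IEC104, S7, etc.).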
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description, SKILL.md, and scripts/main.py all describe FortiGate REST API automation and consistently require FORTIGATE_HOST and FORTIGATE_TOKEN. Required capabilities match the stated purpose (policy/address/service/IPS/configuring industrial connectivity).
Instruction Scope
SKILL.md instructs only to set FortiGate connection variables and run operations tied to FortiGate; the runtime script only calls the FortiGate API and prints results. There is no evidence the skill reads unrelated files or exfiltrates data to third parties. However, the script globally disables SSL warnings and defaults verification to false unless the env var is set, which broadens the risk surface for MITM if used with insecure settings.
Install Mechanism
No install spec is provided (instruction/code-only). requirements.txt is small and reasonable (requests, tabulate). No downloads from arbitrary URLs or archive extraction are present.
Credentials
Only FortiGate-related environment variables are declared (FORTIGATE_HOST, FORTIGATE_TOKEN, optional port/verify flag) and the script uses exactly those. This is proportionate, but granting the API token gives full ability to modify firewall configuration — the user should ensure the token has minimal necessary scope and is stored securely.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or agent-wide settings. It runs on-demand or via normal autonomous invocation.
What to consider before installing
This skill appears to do what it says (automate FortiGate configuration) and only asks for FortiGate connection info. Before installing:
1) Review the complete scripts/main.py (the source provided to me ends truncated — ensure you have the full file and inspect it for unexpected network calls or obfuscated code).
2) Treat FORTIGATE_TOKEN as highly sensitive: use a least-privilege API token/service account and store it in a secure secret store, not a plaintext env var if possible.
3) Set FORTIGATE_VERIFY_SSL=true and use valid certificates in production — the code disables SSL warnings and defaults to not verifying which risks MITM.
4) Test in a lab or on a non-production device first (these operations can change firewall and ICS connectivity).
5) If you allow autonomous invocation, be aware the agent could make changes to your firewall when the skill runs; consider limiting when/how the agent can call this skill.
If you provide the full, untruncated source I can raise or lower confidence after reviewing it.
Like a lobster shell, security has layers — review code before you run it.
