ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Huizai Error Guard

v1.0.0

Monitors, classifies, intercepts errors in real-time, enforces auto-retry and circuit breaking, and ensures graceful recovery and prevention.

0· 504·1 current·1 all-time
by@lidekahdjdhdhsjjs-lang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (error monitoring, circuit breaking, auto-retry) match the code and SKILL.md: control plane, watchdog evaluation, worker helpers, and sub-agent spawning are all present and expected for this purpose.
Instruction Scope
SKILL.md stays on-topic (error detection, pre-checks, recovery strategies). It does not instruct reading unrelated system files or exfiltrating data. The code implements event emission, registry persistence, heartbeat evaluation, and control commands consistent with the documented behavior.
Install Mechanism
No install spec (instruction-only) is provided. The package includes TypeScript runtime files but does not download external archives or run remote installers. No high-risk install URLs are present.
Credentials
The skill requests no credentials or special env vars, which aligns with its scope. It does persist a small state file to process.cwd()/skills/error-guard/state.json — this is reasonable for a local registry but you should note it writes to disk under the agent's working directory.
Persistence & Privilege
always:false and model invocation allowed (default). The code can spawn sub-agents (sessions_spawn), send messages to main sessions (sessions_send), and (on flush) list/kill execution sessions via the SDK (process.list/process.kill). Those capabilities are coherent for an emergency control-plane, but they are powerful: a flush call can attempt to terminate other exec sessions. The skill does not modify other skills' configs directly, and persistence is limited to its own state file.
Assessment
This skill appears to implement an agent control-plane watchdog and is internally consistent with that purpose. Before installing: 1) Review whether you are comfortable with the skill creating skills/error-guard/state.json in the agent working directory. 2) Note the skill can spawn isolated sub-agents and send events to sessions — expected for monitoring but increases blast radius if misused. 3) The flush/recover functions call SDK process.kill to terminate exec sessions; confirm that behavior is acceptable in your environment. 4) Test in a sandboxed agent first and restrict its use (or require explicit user invocation) until you are satisfied. If you want higher assurance, ask the author for signed releases or a hosted repository and verify the SDK calls (sessions_spawn/sessions_send/process.kill) are constrained by your platform's permission model.

Like a lobster shell, security has layers — review code before you run it.

autofixvk974bz40k3vfm34jyc4vtgwjd181mbvwerrorvk974bz40k3vfm34jyc4vtgwjd181mbvwlatestvk974bz40k3vfm34jyc4vtgwjd181mbvwopenclawvk974bz40k3vfm34jyc4vtgwjd181mbvwrecoveryvk974bz40k3vfm34jyc4vtgwjd181mbvw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments