Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Moltbot Security
v1.0.3Security hardening for AI agents - Moltbot, OpenClaw, Cursor, Claude. Lock down gateway, fix permissions, auth, firewalls. Essential for vibe-coding setups.
⭐ 3· 2.6k·5 current·5 all-time
byNext Frontier AI@nextfrontierbuilds
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name and description claim security hardening for Moltbot/OpenClaw and the SKILL.md content indeed provides firewall, auth, permissions, Node.js updates, and Tailscale guidance — that aligns with the stated purpose. However, the package metadata claims no required config paths or env vars while the instructions explicitly reference ~/.openclaw/openclaw.json and several CLAWDBOT_* environment variables. This metadata/instruction mismatch is unexpected and deserves attention.
Instruction Scope
Instructions tell the operator to read and edit sensitive config files (~/.openclaw/openclaw.json), change file permissions, export secrets (CLAWDBOT_GATEWAY_TOKEN / CLAWDBOT_GATEWAY_PASSWORD), run firewall and sshd config changes, and run 'openclaw security audit --deep --fix'. Those actions are within a hardening guide's scope, but they are high-impact (modify system files, apply fixes automatically). The guide also recommends piping remote install scripts (Tailscale, NodeSource). Ensure you trust the sources before running them and verify the CLI tooling (openclaw) exists and is from a trusted origin.
Install Mechanism
The skill is instruction-only (no install spec), which is lower risk as nothing is written by the package manager. However, the instructions recommend running third-party install scripts (curl | sh for Tailscale and NodeSource), and a homebrew command for macOS; those are external downloads executed on the host and carry the usual supply-chain risk. The package.json references a GitHub repo, but registry metadata lists source/homepage as unknown/none — inconsistent provenance information.
Credentials
The SKILL.md instructs you to set environment variables (CLAWDBOT_GATEWAY_TOKEN, CLAWDBOT_GATEWAY_PASSWORD, CLAWDBOT_DISABLE_BONJOUR) and to edit local config paths, which are reasonable for a gateway hardening guide. But the registry metadata declares no required env vars and no required config paths; this mismatch makes it unclear what secrets/config the skill expects or will operate on. No unrelated credentials are requested, but the lack of declared requirements reduces transparency.
Persistence & Privilege
The skill does not request persistent or privileged platform-level presence (always:false, no special flags). It instructs manual edits to user and system files (home config, /etc/ssh, ufw) which are expected for system hardening. It does not attempt to modify other skills or system agent configs automatically in the provided instructions.
What to consider before installing
This is a practical hardening checklist, but before running anything: 1) Verify the origin — the registry metadata lists no known homepage while package.json points to a GitHub repo; inspect that repo and its author. 2) Don’t blindly run curl | sh commands — fetch and review the scripts first. 3) Back up ~/.openclaw and any config files before editing or running auto-fix commands. 4) Confirm the 'openclaw' CLI is legitimate and from a trusted source before using --fix or audit commands. 5) Be cautious exporting tokens in shells; use a secrets store if possible. If you want, I can: fetch and summarize the referenced GitHub repo (if publicly available), list the exact commands the guide recommends to run so you can review them, or suggest safer step-by-step commands to audit without applying automatic fixes.Like a lobster shell, security has layers — review code before you run it.
latestvk97fwbjkhksg4ymhxb1as5d46180y4zf
License
MIT-0
Free to use, modify, and redistribute. No attribution required.