ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Network Scanner

v1.1.0

Scan networks to discover devices, gather MAC addresses, vendors, and hostnames. Includes safety checks to prevent accidental scanning of public networks.

0· 4.2k·34 current·35 all-time
byFlorian Beer@florianbeer
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with required tools (nmap, dig) and included scan.py implements the claimed functionality (ARP/name/vendor discovery). However the SKILL metadata and README only declare nmap and dig as required binaries while the script relies on additional system utilities (ip, grep, awk, head) — this mismatch is an incoherence that could cause failures or unexpected behavior on target systems.
Instruction Scope
SKILL.md instructs the agent to run the included script and to use local config at ~/.config/network-scanner/networks.json; the script only reads/writes that config and performs local network discovery. It does not attempt to transmit scan results to remote endpoints. The scope of actions (running nmap, dig, reading config) is consistent with the stated purpose.
Install Mechanism
No install spec (instruction-only) — nothing is downloaded or installed by the skill itself. That minimizes supply-chain risk. The only risk is runtime: it expects system tools to already be present (nmap, dig, ip, grep, awk).
Credentials
The skill requests no environment variables or credentials and uses only local files and system binaries. That is proportionate to a local network scanner.
Persistence & Privilege
always is false and the skill does not request persistent system-wide changes. It recommends sudo for ARP/MAC discovery (normal for nmap). There is no indication the skill modifies other skills or agent-wide config.
What to consider before installing
This skill appears to implement a local network scanner and is coherent with its description, but consider the following before installing or giving it runtime privileges: - Missing binary declarations: The SKILL.md lists only nmap and dig as required, but the script calls ip, grep, awk, head and uses sudo — ensure those tools exist and are expected on your system. - Command-construction risk: The script builds shell commands with f-strings and uses subprocess.run(shell=True). If you or the agent pass untrusted or specially-crafted network names/CIDRs (for example via the config file or CLI), that could be abused to execute shell commands. This is a coding-level risk — audit the script or run it in a restricted environment if you cannot review it. - Sudo: For accurate MAC discovery the script recommends sudo. Only run with elevated privileges if you trust the code and understand the implications. - Legal/ethical: Even with safety checks, scanning networks you don't own or have permission to scan may violate terms of service or law. The script has blocking checks, but you should personally confirm you’re scanning authorized private networks. If you decide to proceed: (1) review the full scripts/scan.py contents yourself, (2) add missing required binaries to the documentation, (3) consider hardening run_cmd to avoid shell=True or sanitize inputs, and (4) run the tool locally (not with agent autonomy) until you’re comfortable with its behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk97164ygb4gtthf5h31c64grdd80a9ne

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis
Binsnmap, dig

Comments