ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Offline Llama

v1.0.0

Manage local Ollama models autonomously with health monitoring, automatic fallback, self-healing, and offline operation without internet dependency.

0· 699·4 current·7 all-time
by@and-ray-m
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to manage Ollama models (health checks, restarts, reinstallations, cache clearing). Performing these tasks normally requires specific binaries/CLIs (e.g., ollama CLI, systemctl or init scripts), filesystem paths, and potentially network access. The skill declares no required binaries, config paths, or credentials, which is inconsistent with the stated capabilities.
!
Instruction Scope
SKILL.md gives broad runtime instructions (continuous monitoring, restarting services, clearing caches, reinstalling models, log analysis) but does not specify exact commands, files, or limits. The instructions are open-ended about which logs/files to read and allow autonomous decisions (e.g., when to reinstall), granting the agent wide discretion to access system state and perform potentially destructive actions.
Install Mechanism
No install spec and no code files are present (instruction-only). That minimizes risk from arbitrary downloads or written artifacts, but it also means the SKILL.md is the sole runtime authority — increasing importance of clear, constrained instructions which are currently lacking.
Credentials
The skill requests no environment variables or credentials, which superficially limits exfiltration risk. However, the described behaviors (reinstalling models, switching to remote models when internet is present) imply network access and possibly access to model registries; the lack of declared requirements or credential needs is an omission and reduces transparency about what privileges the agent will need.
Persistence & Privilege
The skill is not forced-always and allows normal autonomous invocation. Autonomous invocation combined with system-management actions increases blast radius if misused, but 'always: false' and default invocation settings are reasonable. There's no evidence it attempts to modify other skills or system-wide configs from the provided text.
What to consider before installing
This skill could do exactly what it claims, but it currently leaves important details out and grants broad, ambiguous authority. Before installing or enabling: 1) Verify the skill's source/author (unknown here). 2) Require the author to specify exact commands, required binaries (e.g., ollama CLI, systemctl), config paths, and any network endpoints used for model downloads. 3) Restrict the agent's runtime privileges (run in a sandbox or VM) so it cannot restart system services or modify files without explicit user confirmation. 4) Disable autonomous invocation or limit it to read-only health checks until you trust the implementation. 5) Prefer skills that declare required binaries/paths and provide an install script or code you can review. If you want to proceed, test in an isolated environment and monitor logs/changes closely.

Like a lobster shell, security has layers — review code before you run it.

latestvk977thsn06ypfn0jtj8630sx5581c05b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments