ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Magika

v1.0.0

Detects over 200 file content types locally with ~99% accuracy using the Google Magika deep learning model and magika CLI.

0· 25·0 current·0 all-time
by@axelhu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to be a thin wrapper that runs the magika CLI locally — requiring the magika binary is proportionate. However the package metadata lacks a homepage/source and the _meta.json ownerId ('axelhu') does not match the registry owner id in the provided metadata, which is an inconsistency that reduces trust. No unexpected credentials or system paths are requested.
!
Instruction Scope
SKILL.md instructs the agent to run magika CLI commands against user files only (which is in-scope). But it also asserts 'No data sent to third parties; local inference only' and 'no network needed' while the magika CLI/tool typically requires downloading model binaries or runtimes when first installed — the instructions do not explain model download behavior. This is a scope mismatch: the skill promises no network activity but gives install steps that likely trigger network access.
!
Install Mechanism
There is no packaged install spec in the skill bundle (instruction-only), and SKILL.md recommends pipx/pip/brew (reasonable) but also includes a 'curl -LsSf https://securityresearch.google/magika/install.sh | sh' one-liner (piping a remote script to sh). Even if the domain appears Google-associated, piping remote scripts to a shell is high-risk and should be avoided or inspected first. The lack of an explicit, verifiable upstream project homepage/source increases the risk from these install recommendations.
Credentials
The skill declares no required environment variables or credentials and the instructions do not request any secrets. That's proportionate to the described task. Note: the tool operates on user files, so file-level privacy (sensitive documents) is the relevant concern, but not environment credential access.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. There is no indication it attempts to modify other skills or system-wide agent settings. No persistence/privilege escalation indicators present in the bundle.
What to consider before installing
Before installing or using this skill: (1) verify the upstream magika project and install sources (prefer pipx or an OS package manager over piping a remote script to sh); (2) inspect the install script (if you consider using it) and avoid blind curl | sh — download and review first; (3) confirm whether magika downloads model weights at first run and from which hosts (the SKILL.md claims 'no network needed' but that may be inaccurate); (4) because the tool runs on local files, avoid running it on sensitive documents unless you trust the binary and its install source; (5) the bundle metadata lacks a homepage and shows an ownerId mismatch — prefer tools with clear official sources and reproducible install artifacts (checksums/releases) before trusting them.

Like a lobster shell, security has layers — review code before you run it.

latestvk972pqsnrnfkb6xv17m9rwjc6s852y6b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments