Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Perry Workspaces

v1.1.0

Create and manage isolated Docker workspaces on your tailnet with Claude Code and OpenCode pre-installed. Use when working with Perry workspaces, connecting to coding agents, or managing remote development environments.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md relies on external tooling (perry CLI, ssh, tailscale, a running Claude/OpenCode inside containers, and SSH keys for git@github.com) but the registry metadata declares no required binaries, env vars, or sources. That mismatch is unexpected and unexplained for a workspace manager.
Instruction Scope
Runtime instructions are narrowly focused on creating/listing/stopping/removing workspaces and SSHing into them. They do not instruct reading host files or exporting secrets. However, the guidance expects the agent/user to run interactive shells inside remote containers, which grants broad remote execution capability (expected for this tool but worth noting).
Install Mechanism
No install spec and no code files — lower disk/write risk. The skill is instruction-only, so it won't drop archives or install packages itself. The tradeoff is that required external binaries must already be present on the host.
Credentials
No environment variables or credentials are declared, but the instructions implicitly require network access, Tailscale authentication, SSH private keys (for ssh and git@github.com cloning), and reachable container services (OpenCode/Claude). The skill should have declared these expectations explicitly.
Persistence & Privilege
always:false and no install actions — the skill does not request persistent system presence or modify other skills. Model invocation is enabled (default), which means the agent could call this skill autonomously; that is normal, but weigh it together with the gaps above when deciding trust.
What to consider before installing
This skill appears to be an instruction set for a workspace manager but omits key operational details and has no source or homepage. Before installing:
1) Ask the publisher for the source repository or documentation and require the skill metadata to list required binaries (perry, ssh, tailscale) and any needed credentials.
2) Ensure you have Tailscale access and SSH keys configured — the SKILL.md assumes these but does not manage them.
3) Understand that using the skill will let the agent open interactive shells on remote containers (remote command execution); only allow that if you trust the remote workloads and network.
4) Prefer skills with a verifiable homepage or source; with an unknown origin, consider running any actions in a sandboxed environment and do not supply unrelated credentials.
