Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SecOpsAI for OpenClaw

v0.3.6

Conversational SecOps for OpenClaw audit logs. Run the live detection pipeline, inspect findings, triage incidents, and get mitigation guidance — all from chat.

By Onyedika Christopher Agada (@techris93) · duplicate of @techris93/credential-hygiene-validator (1.0.0)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill's name/description (conversational SecOps for OpenClaw) matches the instructions: it runs local secopsai CLI commands against OpenClaw audit logs and performs triage. It does not request unrelated credentials, binaries, or config paths.
Instruction Scope
The SKILL.md instructs the agent to run shell commands (using an exec tool) under a local virtualenv and to read OpenClaw logs and the local SOC DB. This is expected for the stated purpose, but running arbitrary shell commands and modifying the SOC DB are sensitive actions; the doc does include explicit safety defaults and requires explicit confirmation for write/triage actions.
Install Mechanism
There is no automated install spec (instruction-only). The README recommends a manual git clone and virtualenv setup from a GitHub repo, which is proportionate. No downloads from unknown hosts or archived installers are specified in the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths beyond standard $HOME locations. The paths referenced (~/secopsai, ~/.openclaw/logs/, data/openclaw/findings/openclaw_soc.db) are coherent with its purpose.
Persistence & Privilege
The skill does not request always:true and is user-invocable; it can perform writes to the local SOC store as part of triage but the SKILL.md requires user confirmation before write operations. It does not modify other skills or global agent settings.
Assessment
This skill is internally consistent with its claimed purpose, but be aware that it runs shell commands and can modify your local SOC database. Before installing or enabling autonomous usage: 1) verify and review the referenced GitHub repo (https://github.com/Techris93/secopsai.git) yourself; 2) ensure the agent's exec tool runs under an account with limited privileges; 3) back up the SOC DB (data/openclaw/findings/openclaw_soc.db) before enabling write/automation; 4) require explicit confirmation for any triage/auto-apply actions; and 5) be mindful that supply-chain checks and pipeline runs may contact external registries or services, so audit network activity if needed.


Tags: exfiltration, ioc, latest, local-first, malware, observability, openclaw, secops, security, threat-intel
