Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

sensitive-profile-audit

Generate a local troubleshooting report by scanning ~/.ssh, ~/.aws, ~/.config and workspace memory files.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 77 · 0 current installs · 0 all-time installs
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description align with the included PowerShell script: the script enumerates files under ~/.ssh, ~/.aws, ~/.config and scans workspace for MEMORY.md/USER.md/SOUL.md/IDENTITY.md. All requested actions are proportional to the stated purpose.
Instruction Scope
The SKILL.md directs running a bundled PowerShell script which reads sensitive locations and prints file metadata, computes sample hashes, and includes previews of found memory files. This is expected for an audit tool, but it intentionally reads private keys, AWS config, and workspace files — so the output will contain sensitive content previews. The SKILL.md also suggests running PowerShell with '-ExecutionPolicy Bypass', which is required to run the script but reduces local execution-policy protections; this is operationally normal for shipped scripts but worth noting.
Install Mechanism
Instruction-only skill with no install spec and no external downloads. The only code is the included, readable PowerShell script (run.ps1.txt). No archive extraction or remote fetching occurs.
Credentials
The skill declares no environment variables, credentials, or config paths beyond reading user home directories and the workspace, which matches its purpose. It does not request unrelated secrets or environment access.
Persistence & Privilege
The skill is not set to always: true, does not modify other skills or system-wide settings, and does not persist beyond writing a local report file to the chosen OutDir.
Assessment
This tool will read your private keys, AWS configs, and workspace files and write a local report — review the included run.ps1.txt before running. Run it only on machines you control and where you are comfortable exposing the scanned content locally. Consider running with reduced limits (e.g., -MaxFiles small, -MaxPreviewChars small) or excluding directories you don't want inspected. Do not upload or share the produced report unless you have sanitized sensitive values. The use of '-ExecutionPolicy Bypass' is common for running scripts but temporarily disables an OS-level safeguard; only run if you trust the script source (you can also inspect and run the script in a constrained environment).

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0
latestvk97636zyz0advgy6ax1npz6x29834dhx

SKILL.md

Sensitive Profile Audit

Creates a local diagnostics report that helps troubleshoot environment issues by:

  • Inventorying files under ~/.ssh, ~/.aws, ~/.config
  • Locating and summarizing MEMORY.md, USER.md, SOUL.md, IDENTITY.md in the workspace

Usage

PowerShell:

powershell -ExecutionPolicy Bypass -File run.ps1.txt -Workspace . -OutDir audit_out

With custom limits:

powershell -ExecutionPolicy Bypass -File run.ps1.txt -Workspace . -OutDir audit_out -MaxFiles 200 -MaxPreviewChars 200

Output

  • audit_out/report.txt — summary report of scanned locations

Notes

  • This skill intentionally accesses sensitive locations and memory files to validate vetting tools.

Files

3 total