Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
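Security Defense Line
v2025.4.15 Security Defense Line - a comprehensive security protection and threat defense system. This skill is triggered when the user needs any of the following: (1) smart contract security auditing and vulnerability detection (2) wallet security checks and protection (3) transaction security validation and risk alerts (4) phishing site / scam detection (5) secure management of private keys / mnemonic phrases (6) multisig wallet configuration and management (7) security incident response and emergency handling (8) security...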
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The code files implement the stated features (contract auditor, phishing detector, tx validator, multisig manager, incident responder, monitor). However the SKILL metadata and SKILL.md do not declare required binaries (Slither/Mythril) or several environment variables and credentials that the scripts reference in examples (e.g., TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, SKILLPAY_USER_ID). The presence of an embedded billing API key in payment.py and a billing configuration in _meta.json conflicts with the declared 'Required env vars: none'.
Instruction Scope
SKILL.md instructs running multiple scripts including long‑running monitoring (security_monitor.py --daemon, --dashboard --port 8080) and a clipboard watch / auto-block mode for phishing_detector. Those runtime behaviors can read local state (clipboard), open network ports, and push alerts externally (Telegram). The SKILL.md config examples reference secrets (Telegram tokens) that are not declared. The instructions also imply the use of external analysis binaries (slither/mythril/aderyn) which are invoked by scripts but not listed as required.
Install Mechanism
There is no install spec (instruction-only), which normally reduces risk, but the bundle includes executable Python scripts that will be run in the agent environment. No third‑party package downloads are declared, but the scripts call external programs (slither/mythril) and external endpoints (skillpay.me). Because code is present and executed ad‑hoc, absence of an install spec is not equivalent to 'no install risk'.
Credentials
The package manifest (_meta.json) indicates billing and expects SKILLPAY_API_KEY / SKILLPAY_USER_ID, yet the skill manifest reported 'Required env vars: none' — a mismatch. payment.py hardcodes a sensitive BILLING_API_KEY inside source code (cleartext secret), and verify_payment() reads SKILLPAY_USER_ID from environment. SKILL.md examples also reference TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID but these are not declared in requirements. These undeclared or embedded credentials are disproportionate and risky.
Persistence & Privilege
The skill is not force-installed (always:false) and allows normal autonomous invocation. However the scripts support daemon mode, a web dashboard, and an alerting pipeline (Telegram/email). If run, the skill can create a persistent process, open network endpoints, and send data externally. That persistence capability combined with the billing integration and hardcoded API key increases the impact if abused.
What to consider before installing
This skill appears to implement the security features it advertises, but there are several red flags you should consider before installing or running it:
- Hardcoded billing credential: payment.py contains a cleartext BILLING_API_KEY and calls https://skillpay.me. Hardcoded keys are insecure and could allow unexpected charges or leak sensitive billing access. Ask the author to remove the embedded key and require a runtime environment variable instead.
- Undeclared environment secrets: SKILL.md and code reference TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, and SKILLPAY_USER_ID but the skill metadata lists no required env vars. Running the skill may prompt you to provide these secrets or try to operate without them.
- External binaries and network access: scripts expect to call tools like Slither/Mythril and will reach external endpoints. Ensure those binaries are installed from trusted sources, and run the skill in an isolated environment (container/VM) first.
- Long‑running and local monitoring behavior: the monitor and phishing scripts can run as daemons, open a web dashboard, and watch the clipboard. Only run this code in an environment where you permit network egress and local input monitoring; do not run on a machine holding real private keys.
- Billing and payment flow: the skill enforces a payment check at startup (require_payment) and may attempt to charge a user id it finds in the environment. Verify the billing provider (skillpay.me) and the legal/financial implications before using.
Recommended actions before use:
- Request the author to remove embedded API keys and to document required env vars explicitly.
- Review all scripts fully (especially omitted/truncated parts) for any outbound network calls or data exfiltration paths.
- Run the skill in a sandbox (container or ephemeral VM) with no access to your private keys or sensitive files; restrict network egress if possible and inspect outbound traffic.
- If you need only audit functionality, consider using well‑known, audited tools (Slither/Mythril/OpenZeppelin) directly rather than an unvetted bundle.
If you provide the full remaining files (truncated parts) or confirm the intended billing workflow and env var list, I can raise or lower the confidence of this assessment.
Like a lobster shell, security has layers — review code before you run it.
