ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Gatekeeper

v2.0.0

技能門禁系統 - 自動審核、沙盒測試、安全放行

0· 189·0 current·0 all-time
by@lanew197894fun-cmd

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for lanew197894fun-cmd/skill-gatekeeper.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Skill Gatekeeper" (lanew197894fun-cmd/skill-gatekeeper) from ClawHub.
Skill page: https://clawhub.ai/lanew197894fun-cmd/skill-gatekeeper
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: bun
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install skill-gatekeeper

ClawHub CLI

Package manager switcher

npx clawhub@latest install skill-gatekeeper
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description claim an automated audit/sandbox system and the code largely implements that (sandbox copy, local pattern scan, VirusTotal lookup). However there is an odd/hard-coded call to a Windows Node installer path (C:/Users/ReaMasTer/...) and the code uses child_process.execSync to run an external installer — this is unexpected for a cross-platform Bun tool and suggests either sloppy engineering or a potential backdoor/incoherence.
Instruction Scope
SKILL.md instructions map to the CLI implemented in gatekeeper.ts (audit/install/config). The runtime will copy skills into a sandbox, scan files, call VirusTotal, and then quarantine or delete originals. Those actions are within the stated scope, but the code performs destructive filesystem operations (cpSync + rmSync) and executes an external installer command; both require reviewing because they can modify or remove skill files and invoke arbitrary external code.
Install Mechanism
No install spec is used; this is effectively an instruction-only skill with an included Bun script. No external archives or downloads are staged by an installer spec. However, the script itself calls external commands (execSync) which may invoke other installers at runtime.
Credentials
The skill requests no environment variables but reads/writes config and stores a VirusTotal API key under ~/.opencode/config/gatekeeper.json. Storing the VT key locally is expected for the feature. Still, the skill will read and modify user home paths (~/.opencode/*), which is reasonable for a gatekeeper but should be accepted only if you trust the code.
Persistence & Privilege
The skill is not force-installed (always: false) and does not request platform-level privileges. It does write to its own config directory and can move/delete skill directories (quarantine), which is consistent with its purpose but means it has the ability to modify other installed skills in ~/.opencode/skill.
What to consider before installing
This skill implements the advertised audit/sandbox flow, but review the code before installing. Specific concerns: (1) gatekeeper.ts executes an external installer via child_process.execSync using a hard-coded Windows path (C:/Users/ReaMasTer/...), which is unusual and may run arbitrary code on installation — ask the author why this path is used or remove/replace it with a platform-appropriate installer call. (2) The script uses cpSync and rmSync to copy and delete skill directories (quarantine), so a bug or malicious change could remove files outside the intended directory; verify path handling and consider running only in an isolated/test environment first. (3) The tool stores a VirusTotal API key in ~/.opencode/config/gatekeeper.json — ensure you are comfortable storing that key locally. Recommended actions: inspect the full source for the execSync usage and any other external calls, run the tool inside a disposable VM/container before using it on a production machine, back up ~/.opencode, and prefer a version that uses a documented, platform-agnostic installer mechanism rather than a hard-coded path. If you cannot verify the code or get clarification, treat this skill as untrusted.
gatekeeper.ts:269
Shell command execution detected (child_process).
!
gatekeeper.ts:3
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binsbun
latestvk97b6px29c1ab2vka43wy179y583646b
189downloads
0stars
2versions
Updated 7h ago
v2.0.0
MIT-0
@lanew197894fun-cmd
latest
Download

Skill Gatekeeper - 自動化安全審核系統

新技能安裝後自動進入沙盒掃描,安全審核通過才放行。

工作流程

┌─────────────────────────────────────────────────────┐
│  1. 安裝新技能                                      │
│           ↓                                          │
│  2. 進入沙盒隔離環境                                 │
│           ↓                                          │
│  3. 本地安全掃描 (skill-vet)                        │
│           ↓                                          │
│  4. VirusTotal 雲端檢測                             │
│           ↓                                          │
│  ┌─────────────────────────────────────────┐        │
│  │  安全通過 → 自動放行 ✅                    │        │
│  └─────────────────────────────────────────┘        │
│           ↓                                          │
│  ┌─────────────────────────────────────────┐        │
│  │  發現風險 → 隔離 + 警告 ⚠️               │        │
│  └─────────────────────────────────────────┘        │
└─────────────────────────────────────────────────────┘

使用方式

自動審核新技能

skill-gatekeeper audit <技能名稱>

審核並安裝

skill-gatekeeper install <技能名稱或Slug>

審核所有已安裝技能

skill-gatekeeper audit-all

設定自動模式

skill-gatekeeper config --auto-mode true
skill-gatekeeper config --vt-key <YOUR_VT_KEY>

自動放行標準

檢測項目標準結果
本地掃描0 高風險✅ 通過
VirusTotal0 防毒標記✅ 通過
沙盒測試可正常執行✅ 通過

安全等級

等級標準動作
🟢 免費放行全部通過正常安裝
🟡 需審核發現警告需人工確認
🔴 拒絕安裝發現高風險自動隔離

自動隔離的風險類型

  • 🔴 eval(), new Function() - 動態程式碼執行
  • 🔴 child_process.exec() - 系統命令執行
  • 🔴 敏感路徑存取 (~/.ssh/, ~/.aws/ 等)
  • 🔴 鍵盤側錄模式
  • 🔴 VirusTotal 高風險標記

隔離區

被拒絕的技能會移動到隔離區:

~/.opencode/config/quarantine/<技能名稱>_<時間戳>

輸出範例

🔒 Skill Gatekeeper - 自動化安全審核
─────────────────────────────────────

📦 安裝技能: suspicious-skill
📍 狀態: 進入沙盒隔離環境

🔍 執行本地安全掃描...
   🔴 發現: eval() 動態程式碼執行
   🔴 發現: child_process.exec() 系統命令執行
   📊 分數: 40/100

☁️ 執行 VirusTotal 雲端檢測...
   ☁️ VT: 45/70 防毒引擎標記 ⚠️

⚠️ 安全審核: 未通過
   🔴 本地風險: 高
   ☁️ 雲端風險: 惡意

📦 已移至隔離區
   ~/.opencode/config/quarantine/suspicious-skill_20240101

Comments

Loading comments...