ClawHub

Skill Install Guardian

v1.3.0

Security and due diligence layer for installing external skills from ClawHub. Performs DEEP content scanning for malicious patterns, security checks, integra...

0· 573·2 current·2 all-time
byohnednez@zendenho7
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill's name and description (pre-install security checks) match what it actually does: it calls the ClawHub CLI (npx clawhub inspect) to fetch reports and files, scans file contents for dangerous patterns, and generates a report for owner confirmation. Required binary (npx) is expected and proportional; no unrelated env vars or credentials are requested.
Instruction Scope
SKILL.md instructs fetching SKILL.md and script files and scanning for dangerous patterns only — consistent with purpose. The implementation is explicitly read-only and validates slugs to reduce injection risk. However, the code uses a brittle parser for the `--files` output (looks for a 'Files:' section and takes the first token as filename) and, for script files, strips directory paths and calls fetch_file_content with only the basename (which may fail to fetch files located in subdirectories). These bugs can produce false negatives or skip files, reducing the scanner's effectiveness. Also the code prints and returns results but does not send findings to an external endpoint, matching the declared 'report to owner' behavior.
Install Mechanism
There is no install spec (instruction-only plus one script file). No remote downloads or archive extraction are performed by the skill itself. It relies on the local npx/clawhub CLI to fetch skill data, which is an expected, low-risk approach for this purpose.
Credentials
No environment variables or secrets are requested. The scanner detects patterns that look like keys in file contents but does not itself require any credentials — proportional and appropriate for the described functionality.
Persistence & Privilege
always:false and no system-wide config modification are present. The skill does not request persistent privileges or attempt to modify other skills' configs. disable-model-invocation is default (false) which is normal; there is no other elevated privilege requested.
Assessment
This skill appears to do what it says (scan skills before install) and does not request extra credentials or install components, but it has some implementation weaknesses you should consider before relying on it as your only defense: 1) The file-list parsing and the way script file paths are fetched are brittle and may miss files in subdirectories — review and test the scanner on representative skills to confirm coverage. 2) It depends on the trustworthiness and behavior of the local `npx clawhub` CLI; ensure that binary is the official/expected one and that its `--files` and `--file` outputs match what the script expects. 3) Expect false positives and false negatives; always manually review CRITICAL flags. 4) Run the script in an isolated environment (or CI sandbox) the first few times to observe its behavior and outputs. If you plan to rely on it operationally, request or implement fixes to (a) fetch files using their full reported paths rather than basenames, (b) make file-list parsing robust to different CLI output formats, and (c) add explicit logging and an audit trail of scans and owner decisions.

Like a lobster shell, security has layers — review code before you run it.

aivk97bew0k63jtexasbc574kn6jd81jwvjdue-diligencevk97bew0k63jtexasbc574kn6jd81jwvjinstallationvk97bew0k63jtexasbc574kn6jd81jwvjlatestvk97d2rnvzsk7zmqf4e40c10m5n81kpb0securityvk97bew0k63jtexasbc574kn6jd81jwvj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis
Binsnpx

Comments