Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Security Patcher

v1.0.0

Skill security patch response tool (CVE emergency channel SLA management + vulnerability remediation + dependency audit)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
The skill claims to perform security-patching and emergency isolation across agent skills. That purpose can legitimately require reading and updating skill code/metadata, but the SKILL.md asks for broad 'read:skills/' and 'write:skills/' permissions (and read:skill-registry.json) while the registry metadata lists no required config paths or credentials — a mismatch. Granting write access to the global skills directory is a high privilege for an auto-invokable skill and is disproportionate without a clear, auditable change process.
[!] Instruction Scope
The runtime instructions describe tasks (security-patch, emergency-isolate, dependency-audit) and enforce execution in an 'isolated' session, plus input validation rules (e.g., skill-name allowed chars). However, there are no concrete, safe instructions for how patches are applied, where files will be written, or how authorization is cryptographically enforced. Authorization is defined as specific agent IDs or a literal 'CISO-001' string in parameters, which is brittle and easy to spoof in a multi-agent environment. The instructions do not limit read/write to a scoped, auditable location, creating risk of unauthorized modification or data exposure.
Install Mechanism
Instruction-only skill with no install spec and no code files — low installation risk. There is nothing being downloaded or written by an installer step.
[!] Credentials
No environment variables or external credentials are required, which on the surface reduces risk. But the SKILL.md requests file-system permissions to read/write the entire skills directory and read the skill registry — effectively privileged access to other skills and their metadata. That level of file access is not justified solely by the interface description and is a high-risk capability if granted broadly.
Persistence & Privilege
The skill is not always-on and does not request permanent 'always:true' presence, which is good. However, because it can write to the skills directory and registry, it could modify other skills or inject changes that persist beyond a single run. Combined with agent-autonomy (model invocation allowed by default), this creates a notable blast radius if authorization or isolation is mis-implemented.
What to consider before installing
Before installing, ask the publisher to clarify and constrain exactly what files and paths the skill needs to read/write (prefer explicit per-skill paths, not an open 'skills/' directory). Require cryptographic or platform-level identity checks instead of a literal 'CISO-001' string in input params (e.g., verify caller via platform identity tokens or signed attestations). Insist on an auditable change workflow (require approvals, keep immutable change logs, and restrict write rights to a staging area with human review). Because this is instruction-only and from an unknown source, do a manual code review of any automated actions, run the skill only in a tightly sandboxed environment, and request proof of provenance (publisher, homepage, or org). If you cannot get these guarantees, treat this skill as high-risk and avoid granting it write access to global skill directories or the skill registry.

Like a lobster shell, security has layers — review code before you run it.
