Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to configure/manage an API gateway (Envoy backend, Redis persistence, Prometheus/Grafana monitoring). Managing those systems normally requires connection strings, admin/API credentials, and binaries or network access. The skill's metadata declares no required env vars, binaries, or config paths, which is inconsistent with the stated capabilities. The SKILL.md also provides an example that references ${JWT_SECRET} (an undeclared secret).
Instruction Scope
SKILL.md is instruction-only and defines helper functions (create_gateway, add_route, set_rate_limit, get_metrics) and example configs. It does not instruct the agent to read unrelated local files or exfiltrate data, but it is vague about how to obtain infrastructure endpoints/credentials and what runtime actions (API calls to Envoy/Redis/Prometheus) the agent will perform. That ambiguity could cause the agent to request or be given sensitive credentials at runtime.
Install Mechanism
There is no install spec and no code files included in the package (instruction-only), so nothing is written to disk by default — low immediate install risk. However, SKILL.md suggests using 'clawhub install SKY-lv/api-gateway' and skill.json points to a GitHub repo; this implies an external package exists. The evaluator cannot verify that external source from the provided bundle; users should validate the origin before running any install command.
Credentials
The SKILL.md example references ${JWT_SECRET} and the configuration implies the need for Redis endpoints, Envoy admin access, and monitoring endpoints, but the skill declares none of these required environment variables or credentials. Requesting secrets or access that are not declared is disproportionate and increases risk: an agent might ask the user to provide sensitive credentials or accept insecure defaults.
Persistence & Privilege
The skill does not request persistent installation privileges (always:false) and does not claim to modify other skills or system-wide configuration. The default ability for the agent to invoke the skill autonomously is enabled (disable-model-invocation:false), which is normal — combine this with the above secret-handling concerns when deciding trust.
What to consider before installing
This skill looks like it is meant to manage an API gateway, but its package is just instructions and it omits declaring the credentials and endpoints it will need. Before installing or invoking it: 1) verify the upstream repository (the SKILL.md references a GitHub repo and a 'clawhub install' name) and inspect that code; 2) do not provide secrets (JWT_SECRET, Redis/Envoy admin credentials, Prometheus/Grafana tokens) until you confirm exactly how they are used and stored; 3) ask the author to list all required env vars and the exact network actions the skill will perform; 4) if you must test, do so in an isolated environment with least-privilege credentials. The current mismatch between claimed capabilities and declared requirements is the main risk — it may be sloppy packaging, but it could also lead to accidental exposure of credentials.Like a lobster shell, security has layers — review code before you run it.
latestvk97602pbx5d05b2nbywnea8myx84k7w6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.