ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SSL

v1.0.2

Set up HTTPS, manage TLS certificates, and debug secure connection issues.

2· 955·3 current·3 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the content: SKILL.md, formats.md, servers.md and troubleshooting.md contain expected cert management commands (certbot, openssl), server config examples (nginx, Apache, Caddy, Traefik, HAProxy), format conversions, and troubleshooting steps. There are no unrelated binaries, env vars, or credentials requested.
Instruction Scope
Instructions tell an operator to run standard system commands and to read certificate/key files (e.g., /etc/letsencrypt/live/.../privkey.pem) and modify permissions — this is appropriate for certificate management but is sensitive because it involves private keys and privileged operations. The skill does not instruct exfiltration or contact to unexpected endpoints; it references legitimate external checks (ssllabs.com, testssl.sh).
Install Mechanism
No install specification and no code files — instruction-only. That is low-risk: nothing is downloaded or written by an installer step.
Credentials
The skill requests no environment variables, credentials, or config paths beyond example file locations. The examples reference common system paths for certificates but do not require any secret to be supplied to the skill itself.
Persistence & Privilege
always:false and no instructions to modify other skills or platform settings. Autonomous invocation is allowed by platform default but the skill does not request persistent privileges or alter other skills' configs.
Assessment
This skill appears to be an honest, instruction-only TLS/HTTPS guide. Before installing or letting an agent execute it: (1) understand that following its commands may read private keys and require root — never expose private keys to untrusted actors; (2) review any certbot/openssl commands before running them on production (certbot --nginx can modify server configs); (3) run sensitive commands yourself if you don't want an agent to perform privileged operations; and (4) ensure the agent’s execution environment is trusted since the steps touch /etc/letsencrypt and other system files.

Like a lobster shell, security has layers — review code before you run it.

latestvk977jx704bk9am3bwdsnwk3bhn810sat

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments