Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Switchyard Runtime Diagnostics
v1.0.0Guide to install, connect, and use Switchyard's read-only MCP runtime diagnostics for analyzing provider or runtime boundaries safely.
⭐ 0· 40·0 current·0 all-time
byYifeng[Terry] Yu@xiaojiou176
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the contents: the skill is a read-only diagnostics packet that teaches an agent how to attach a local MCP server and run specific read-only queries. Nothing in the files asks for unrelated credentials, system-wide config, or capabilities beyond starting and querying a local MCP surface.
Instruction Scope
SKILL.md and references direct the agent to clone a GitHub repo and run pnpm scripts to launch a local MCP server, then call read-only MCP tools. This stays within the stated diagnostics scope, but it does instruct executing code from an external repository and running local commands (pnpm install/run), which can have side effects if the repository or its scripts are malicious or untrusted.
Install Mechanism
No install spec in the skill bundle itself (instruction-only). The instructions rely on cloning a third-party GitHub repo and running pnpm, which is a common but higher-risk install approach because it pulls and executes upstream code. The repo URL is explicit (github.com/xiaojiou176-open/Switchyard.git) — not a shortener or IP, but you should verify the repo before cloning and running.
Credentials
The skill declares no required environment variables, no credentials, and no config paths beyond repo-local MCP config snippets. The requested access is proportional to the stated task: launching and querying a local read-only runtime. There are no unrelated secrets requested.
Persistence & Privilege
always is false and the packet is instruction-only; it does not request persistent presence or modification of other skills. Autonomous invocation is allowed by default (platform behavior) but not unusual here and not combined with other privilege escalation indicators.
Assessment
This packet is coherent for local, read-only Switchyard diagnostics, but it requires cloning and running a third-party GitHub repo with pnpm. Before installing or following its instructions: 1) review the referenced repository (package.json scripts, pnpm install effects, any postinstall hooks) to ensure you trust it; 2) run the demo in an isolated environment (container or VM) to limit blast radius; 3) replace /ABSOLUTE/PATH/TO/SWITCHYARD carefully and avoid running commands as root; 4) if you cannot review the repo, do not run pnpm install/run on sensitive hosts; 5) the skill claims read-only behavior — verify the MCP endpoints and tests in a safe environment to confirm they only expose runtime diagnostics and do not perform writes or exfiltrate data.references/OPENCLAW_MCP_CONFIG.json:11
Install source points to URL shortener or raw IP.
references/OPENHANDS_MCP_CONFIG.json:10
Install source points to URL shortener or raw IP.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.Like a lobster shell, security has layers — review code before you run it.
diagnosticsvk97ezw2zsfazde63a6a84740qs84h43alatestvk97ezw2zsfazde63a6a84740qs84h43amcpvk97ezw2zsfazde63a6a84740qs84h43aprovidersvk97ezw2zsfazde63a6a84740qs84h43aread-onlyvk97ezw2zsfazde63a6a84740qs84h43aswitchyardvk97ezw2zsfazde63a6a84740qs84h43a
License
MIT-0
Free to use, modify, and redistribute. No attribution required.