ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tech Security Audit

v1.0.0

Performs local network scans using Nmap to detect vulnerabilities, identify service versions, and fingerprint operating systems.

0· 984·1 current·1 all-time
by@jacqueslauren

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jacqueslauren/tech-security-audit.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Tech Security Audit" (jacqueslauren/tech-security-audit) from ClawHub.
Skill page: https://clawhub.ai/jacqueslauren/tech-security-audit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install tech-security-audit

ClawHub CLI

Package manager switcher

npx clawhub@latest install tech-security-audit
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
!
Purpose & Capability
The SKILL.md, README, and code all state this is an Nmap-integrated network scanner and the code legitimately invokes the nmap binary. However, the registry metadata lists no required binaries while the docs explicitly require Nmap in PATH — that mismatch is an incoherence (the skill should declare 'nmap' as a required binary). Other than that omission, the requested resources (no credentials, no external endpoints) align with the stated purpose.
Instruction Scope
Runtime instructions are limited to calling run_nmap_scan and the shipped code only runs the local 'nmap' executable (via subprocess.run with a list of args) and parses its XML output. The SKILL.md does not ask the agent to read unrelated files, exfiltrate data, or call external endpoints. One operational caution: the code does not sanitize or validate user-supplied targets beyond passing them as an argument to nmap — while list-based subprocess avoids shell injection, untrusted inputs could still cause unintended scans or be interpreted by nmap in unexpected ways.
Install Mechanism
No install spec is present and all code is included in the package — nothing is downloaded or written during install. This is low-risk from an installation standpoint. Note: the skill depends on the system having Nmap installed (manually), which the package metadata fails to declare.
Credentials
The skill requests no environment variables, credentials, or config paths — appropriate for a local scanner that invokes an external tool. There are no surprising credential requests or unrelated env access.
Persistence & Privilege
always:false (normal). The skill can be invoked autonomously by the agent (platform default). Because network scanning is sensitive and potentially disruptive or legally restricted, consider whether you want the agent to invoke scans autonomously; that risk stems from scan behavior, not from elevated privileges requested by the skill itself.
Assessment
What to check before installing: - Confirm you have explicit authorization to scan any network targets you will test — unauthorized scanning can be illegal or disruptive. - Ensure Nmap is installed and in PATH; the skill's docs require it but the registry metadata does not declare it as a required binary. Expect to install Nmap yourself. - If you will pass user-provided targets to this skill (especially in multi-user or automated contexts), validate or restrict those inputs to avoid accidental scans of third-party addresses or private ranges you don't control. - Running the skill will execute the local nmap binary via subprocess.run. That is expected for this functionality, but be mindful: the agent could perform noisy scans if invoked autonomously. Consider limiting autonomous invocation or adding governance controls before allowing the agent to run this skill without explicit user confirmation. - If you need stronger guarantees, review/modify the code to enforce allowed target ranges, rate limits, logging/auditing, and to surface scan parameters to the user rather than using defaults.

Like a lobster shell, security has layers — review code before you run it.

latestvk9741sa2tamaxw6eqehfmxmhg180wwcd
984downloads
0stars
1versions
Updated 16h ago
v1.0.0
MIT-0
@jacqueslauren
latest
Download

Tech Security Audit Skill

This skill integrates Nmap scanning functionality to perform local network vulnerability assessments.

Features

  • Local network scanning
  • Vulnerability detection
  • Service version detection
  • OS fingerprinting

Requirements

  • Nmap must be installed and accessible in PATH
  • Appropriate permissions for network scanning

Usage

Call the skill functions to perform scans on specified targets or network ranges.

Comments

Loading comments...