Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Universal Agent

v1.0.0

This skill should be used when the user needs to execute tasks through a complete automated workflow: understand natural language intent, dynamically generat...

by 波动几何 (@wangjiaocheng)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's declared purpose is to generate and execute commands/scripts end-to-end; the included Python implementation and SKILL.md are consistent with that capability. However the registry metadata declares no required environment variables or credentials while the code and docs show modes that require an LLM API key (config.json or LLM_API_KEY) for standalone operation and expect bridge-specific env vars (UA_THINK, UA_GENERATE_SCRIPT, UA_DEBUG_AND_FIX, UA_SUMMARIZE). That mismatch between declared requirements and actual code is a coherence issue.
! Instruction Scope
SKILL.md and the script explicitly instruct the agent to auto-generate and execute arbitrary shell commands and Python scripts, access/modify files (memory, temp scripts, config.json), and call arbitrary APIs or control hardware. While this is consistent with a 'universal agent' purpose, the runtime instructions also rely on environment-based bridge communication (UA_* variables) and permit self-repair loops that can execute repaired code — broad discretion that can be misused and is not constrained by the registry metadata.
Install Mechanism
There is no install spec (instruction-only skill with bundled script), so nothing is downloaded or extracted at install time. This minimizes install-time risk; however, the skill includes a large standalone Python script that will be written to disk when installed and can execute arbitrary commands at runtime.
! Credentials
Registry says 'no required env vars' but the code and docs expect an LLM API key for standalone mode (config.json or LLM_API_KEY) and use UA_* environment variables as the bridge protocol. The skill also persists memory and temp scripts to disk. The absence of declared credential requirements in metadata is inconsistent and could lead to users unknowingly supplying sensitive keys to a powerful executor.
Persistence & Privilege
always:false (not forced). The skill persists execution history/memory to a file (universal_agent_memory.json) and writes temporary script files when executing tasks. It does not declare modifying other skills or system configs, but its ability to run arbitrary commands/scripts implies it can alter system state — so limit scope and run under least privilege.
What to consider before installing
This skill truly executes arbitrary shell commands and generated Python code and thus has high potential impact. Specific points to consider before installing or running:
- Metadata mismatch: the registry claims no required env vars, but the script uses an LLM API key (config.json or LLM_API_KEY) for standalone mode and expects UA_* env vars in bridge mode. Ask the publisher to correct the metadata.
- Prefer Bridge mode with a trusted external 'brain' (external agent provides UA_* inputs) rather than Standalone mode, unless you fully trust and have reviewed the script. Bridge mode lets you control what code/commands are fed to the executor.
- Do not run Standalone mode without reviewing the code yourself. The script will write temp scripts, persist a memory file, and can run arbitrary system/network commands — run it in a sandboxed container with minimal privileges and limited network access.
- Do not include secrets or credentials in task descriptions. Remove or rotate any API keys stored in config.json before sharing the environment.
- If you need to use it, set command/script timeouts low, leave dangerous_mode = false, and inspect/wipe the memory file regularly.

If the publisher can (1) update the registry metadata to declare LLM_API_KEY and describe UA_* env vars explicitly, and (2) provide a clear, auditable safety policy or a hardened execution sandbox mode, my confidence in moving this to benign would increase.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/universal_agent.py:943: Dynamic code execution detected.
