ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

uStack

v0.1.0

Universal agent workspace compatibility and update engine. Track upstream agent frameworks (like gstack), analyze every change, classify portability, and gen...

0· 70·0 current·0 all-time
by@aggie-security

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for aggie-security/ustack.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "uStack" (aggie-security/ustack) from ClawHub.
Skill page: https://clawhub.ai/aggie-security/ustack
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ustack

ClawHub CLI

Package manager switcher

npx clawhub@latest install ustack
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill claims to import, diff/analyze, and publish updates from upstream agent repos and the code implements exactly that: git clone/pull, git diff/log, file inspection, IR extraction, and markdown generation. One mismatch: the package/README/SKILL.md document Node.js >=20 and Git as requirements, but the registry metadata lists no required binaries—so the metadata underreports required runtime tools.
Instruction Scope
Runtime instructions and code operate on user-provided Git repository URLs: cloning/pulling repos and reading/writing files under a local .ustack workspace. The tool runs git via child_process and reads many repository files to build reports. It does not request secrets or call external services beyond git network access to the supplied repo URL, nor does it execute arbitrary repo scripts. Because it clones arbitrary repos, run it in an isolated directory/container when importing untrusted repositories.
Install Mechanism
There is no install spec (instruction-only/install-from-source), package.json contains no external dependencies, and files are not fetched from unknown remote archives. The code expects Node.js and Git (package.json engines and SKILL.md), which is a conventional, low-risk setup. No remote install URL or extracted archives were found.
Credentials
No environment variables, credentials, or config paths are required. The code emits metadata that references service auth types (e.g., 'bearer-token') as IR metadata only; it does not ask for or store secrets. Requested environment access is proportional to the declared functionality.
Persistence & Privilege
always is false and the skill operates only within a .ustack directory under the current working directory. It writes manifests, snapshots, and run artifacts there but does not modify other skills or global agent settings. Autonomous invocation is allowed by default (disable-model-invocation: false) but this is the platform default and not combined with other red flags.
Assessment
uStack appears coherent: it clones/pulls Git repos and analyzes their contents, writes artifacts to .ustack/, and generates Markdown pages. Before installing or running: 1) be aware it requires Node >=20 and git (run in an environment with those installed); the registry metadata did not list these—that's an inconsistency. 2) Only import repositories you trust or run ustack in an isolated directory/container, since it will clone arbitrary repos and write files locally. 3) Review the generated .ustack content and manifests before using any adapted output in production. 4) Note there are minor code/quality issues (e.g., a missing fs import in one extractor) — these look like bugs, not malicious behavior. If you need stronger guarantees, run it in a sandboxed environment or inspect the cloned repo contents before further automated processing.
src/commands/doctor.js:16
Shell command execution detected (child_process).
src/lib/git.js:12
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97183y2rbdqyqafr1a5wv784n84e5td
70downloads
0stars
1versions
Updated 2w ago
v0.1.0
MIT-0
@aggie-security
latest
Download

uStack — One Workspace. Any Agent.

uStack watches frontier agent-native workspaces, analyzes each upstream change, and produces a portable version that works for your agent/runtime.

Commands

Import an upstream framework

node ustack/bin/ustack.js import https://github.com/garrytan/gstack --name gstack

Clones the upstream repo, detects key files (skills, control docs, config, tooling), identifies structure (skill count, host conventions, category), and writes a manifest.

Analyze changes

node ustack/bin/ustack.js analyze gstack

Diffs HEAD against previous snapshot. Classifies impact across 8 areas: skills, install, browser, workflow, safety, tooling, docs, config. Assesses portability: portable / needs-adaptation / host-specific.

Publish update page

node ustack/bin/ustack.js publish gstack

Generates a website-ready markdown page with YAML frontmatter. Includes: summary, impact table, portability breakdown, commit list, usage instructions, and trust notes.

Output lands in .ustack/site/updates/<id>/ — ready for blog/feed integration.

Update (all-in-one)

node ustack/bin/ustack.js update gstack

Combines import → analyze → publish. Cron-friendly — only proceeds with analyze+publish if upstream actually changed.

Doctor

node ustack/bin/ustack.js doctor

Shows configured upstreams, last import/analysis dates, skill counts, host conventions, and flags upstreams with unanalyzed changes pending.

Architecture

Upstream repo → uStack IR → Target runtime

No pairwise adapters. One normalized intermediate representation, one renderer per target. Adding a new upstream or target is independent.

Run Artifacts

.ustack/
  upstreams/<id>/manifest.json     — upstream metadata + revision tracking
  runs/<id>/<timestamp>/           — analysis.json, analysis.md, publish.md
  site/updates/<id>/<date>.md      — website-ready update pages

Supported Upstreams

  • garrytan/gstack — workflow-skill framework (36 skills, 8 agent hosts)
  • More upstreams can be added with ustack import <url> --name <id>

Requirements

  • Node.js >= 20
  • Git

Comments

Loading comments...