Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Vibe Remote

v1.0.1

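Vibe Remote, a remote AI coding tool. Use when the user mentions vibe-remote, vibe remote, remote coding, remotely controlling a Mac from iOS to have AI write code, installing vibe-remote, configuring vibe-remote, or submitting a vibe-remote issue.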


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for firetable/vibe-remote.

Install the skill "Vibe Remote" (firetable/vibe-remote) from ClawHub.
Skill page: https://clawhub.ai/firetable/vibe-remote
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install vibe-remote

ClawHub CLI


npx clawhub@latest install vibe-remote

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

! Purpose & Capability
The SKILL.md describes a CLI binary (vibe-remote), use of the GitHub CLI (gh), curl, and third‑party upload utilities; however the skill metadata declares no required binaries, no environment variables, and no install spec. That mismatch (the skill claims no requirements but instructs the agent to run specific binaries and provide account/password) is inconsistent and unexpected. Additionally, the packaged _meta.json shows a different ownerId/version than the registry metadata, another inconsistency.
! Instruction Scope
Runtime instructions tell the agent to: run vibe-remote (including a headless mode that takes --account and --password), check gh auth status, create GitHub issues via gh, and upload images/videos to catbox.moe (or call another skill). These steps involve handling user credentials and sending user-provided files to external services. The skill also instructs the agent to always send the created issue link back to the user. The instructions therefore touch on sensitive actions (credential use and external file upload) beyond simple conversational assistance.
Install Mechanism
There is no install spec and no code files (instruction-only), which reduces the risk of arbitrary code being written by the installer. However, the skill assumes the presence of external binaries (vibe-remote, gh, curl) and references a repo/docs. Because installation/verification steps for the binary are not provided or enforced, users must manually obtain and verify the binary — omission is notable but not inherently malicious.
! Credentials
The skill does not declare required environment variables or credentials, yet the SKILL.md instructs use of account/password for headless mode and relies on the user's GitHub authentication state. Asking for or passing plaintext account/passwords (or files) is high-risk and not justified by the metadata. The skill also recommends uploading potentially sensitive screenshots/videos to a public third-party (catbox.moe), which can expose private data. Cross-skill calls (nodeimage-upload) are referenced but not declared.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It allows normal autonomous invocation (default), which is expected. There is no evidence it modifies other skills or system-wide agent settings.
What to consider before installing
  • There are clear metadata vs instruction mismatches. The SKILL.md expects you to run a local binary (vibe-remote), the GitHub CLI, and curl, but the skill metadata declares no required binaries or env vars — verify these requirements yourself before trusting the skill.
  • The instructions include a headless mode that takes --account and --password. Never hand a password to a skill or agent without verifying what the binary does and whether credentials are stored/transported. Prefer using a scoped token or not running headless at all.
  • The skill suggests uploading images/videos to catbox.moe (a public third‑party). Any uploaded screenshot or video can become public — redact sensitive data and avoid uploading secrets or proprietary code.
  • The _meta.json ownerId/version differs from the registry metadata; confirm the publisher (check the GitHub repo and official docs) and prefer binaries from official releases with checksums/signatures.
  • Recommended actions before you proceed: inspect the referenced GitHub repo and release binaries, verify checksums, run the binary locally in a safe environment, avoid providing real credentials (use limited-scope tokens), and do not upload sensitive files to public hosts. If you cannot validate the binary and its behavior, treat the skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

MIT-0

Vibe Remote Skill

A tool for remotely invoking AI coding agents: an iOS app remotely controls Claude Code / Codex on a Mac/Linux machine to write code.

Basic Information

Startup

export PATH="$HOME/bin:$PATH"
vibe-remote

After startup, a QR code is displayed; scan it with the iOS Vibe Remote app to connect.

Headless mode (CI / scripts)

vibe-remote --headless --account <username> --password <password>

Binary path: ~/bin/vibe-remote

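GitHub Issue submission flow

Before submitting an issue:

  1. Make sure the gh CLI is logged in to GitHub: gh auth status
  2. Confirm the owner/repo: ymzuiku/vibe-remote
  3. After the issue is submitted, the link must be sent to the user

Bug Report format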

gh issue create --repo ymzuiku/vibe-remote \
  --title "<title>" \
  --body "## Bug Description
<description>

## Steps to Reproduce
1. ...
2. ...

## Expected Behavior
<expected behavior>

## Actual Behavior
<actual behavior>

## Version
<version number>
vibe-remote Version: <version>" \
  --label "bug"

Feature Request format

gh issue create --repo ymzuiku/vibe-remote \
  --title "<title>" \
  --body "## Problem / Motivation
<problem background>

## Proposed Solution
<proposed solution>

## Alternatives Considered
<alternatives considered>" \
  --label "enhancement"

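Image/video upload (embedding in an Issue)

The GitHub Issue API does not support uploading binary files directly. Rules:

File type | Upload method
Image (jpg/png/gif/webp) | Use the nodeimage-upload Skill; if unavailable, use catbox
Video (mp4/mov) | Upload to catbox (see the command below)

Upload to catbox (works for both images and videos):

curl -F "reqtype=fileupload" -F "fileToUpload=@<file path>" https://catbox.moe/user/api.php

Returned URL:

  • Image: embed in the issue body with ![description](URL)
  • Video: paste the URL directly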

Issue template (reference)

Field | Description
vibe-remote Version | Version number, e.g. 0.1.254
Operating System | macOS (Apple Silicon) / macOS (Intel) / Linux / Windows
Bug Description | Describe the problem
Steps to Reproduce | Steps to reproduce
Expected Behavior | Expected behavior
Actual Behavior | Actual behavior

Issue link format: https://github.com/ymzuiku/vibe-remote/issues/<number>

Common commands

# Show help
vibe-remote help

# Check the version
vibe-remote --version

# Regenerate the QR code (press r while running)
