ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Vpn Setup

v1.0.1

一键搭建 VPN 服务器(WireGuard/OpenVPN),支持多种 Linux 发行版。

0· 128·1 current·1 all-time
by@june910
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (VPN installer) matches the included script and SKILL.md. Declared required binaries (curl, bash) are appropriate for the installer wrapper. The script performs system package installs, key generation, service enablement and client config creation — all coherent with a VPN installer.
Instruction Scope
Instructions tell the agent to run the bundled bash script, which in turn reads /etc/os-release, writes system files (/etc/wireguard, /etc/sysctl.d), enables services, and contacts external IP lookup services (ifconfig.me, icanhazip.com, api.ip.sb). These network calls and system modifications are expected but should be noted because they touch system networking state and contact third‑party endpoints.
Install Mechanism
No package install spec (instruction-only) — the risk surface is the included script. The script downloads and executes an external OpenVPN installer from raw.githubusercontent.com (angristan/openvpn-install), which is a common upstream but still a remote code execution point; this is a moderate risk but expected for automated OpenVPN installation.
Credentials
The skill does not request secrets or unrelated environment variables. Exposed environment variables (VPN_TYPE, SERVER_IP, PORT, DNS, CLIENT_NAME) are appropriate for configuration. The script does require root privileges to perform system changes — justified by its purpose.
Persistence & Privilege
The script must be run as root and modifies system configuration (network forwarding, iptables rules, systemd services, /etc files). The skill is not force-enabled (always: false). These privileges are necessary for a VPN installer but carry inherent risk; consider manual review before running with root.
Assessment
This skill appears to do what it says, but it must be run as root and will modify networking and system files and contact third‑party sites. Before installing: (1) review the script contents locally (scripts/vpn-install.sh) to confirm behavior; (2) be aware it downloads and executes an external OpenVPN installer from GitHub — inspect that upstream script if you plan to install OpenVPN; (3) test in a disposable VM or staging host first; (4) adjust the hardcoded network interface (the script uses eth0 in iptables MASQUERADE) to match your server; (5) ensure you trust the IP lookup endpoints (they will see your server IP) and change default ports/keys after install. If you want lower risk, run the WireGuard path only (it does not fetch external installers) or perform manual, stepwise installation using official distro packages.

Like a lobster shell, security has layers — review code before you run it.

latestvk976bexbpezp6wfs9g6czctvv983f27p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔐 Clawdis
Binscurl, bash

Comments