Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Claw Lite
v7.2.1六层架构智能助手文档 - 包含架构设计、身份定义、工具规则等纯文档内容。无代码执行,无外部连接,无凭据要求。
⭐ 0· 832·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
high confidencePurpose & Capability
The top-level description states 'pure documentation, no code execution, no external connections, no credential requirements', yet the bundle contains ~319 files including runnable Python modules (infrastructure/auto_git.py, infrastructure/daemon_manager.py, governance/security/secret-vault/get_secret.py, many orchestration/execution modules). These files imply behaviors (daemon management, auto Git sync, secret vault access, networked vector backends) that contradict the 'documentation-only' claim.
Instruction Scope
SKILL.md explicitly documents commands that start daemons and run scripts (./scripts/daemon.sh start, python scripts/unified_inspector_v7.py, python scripts/generate_metrics.py, infrastructure/daemon_manager.py status) and the docs mention automatic Git commits and heartbeats. Those instructions instruct running code that can access the network, the filesystem, and possibly remote repos — far beyond a read-only documentation skill.
Install Mechanism
There is no declared install spec (instruction-only), but the archive includes many executable scripts and Python modules. That means simply invoking the documented commands would execute included code. Although no external download URL or installer is present, bundling many runnable files while claiming 'no code execution' is a risky mismatch because the package provides executable surface without disclosure.
Credentials
Metadata declares no required env vars or credentials, but the content references Git operations (auto Git sync, note about a Token present in 'git remote -v' output), external LLM/APIs (ai.gitee.com, mentions of openai/anthropic/qdrant clients in docs), and a secret-vault module. Those elements imply the need for credentials and network access that are not declared — disproportionate and opaque.
Persistence & Privilege
always:false (good), and model invocation not disabled (normal). However the codebase contains daemon/heartbeat/autosync components that, if run, would create persistent background activity (daemon manager, heartbeat executor, auto Git sync). Combined with undeclared network/credential usage this increases the blast radius if the agent invokes the skill autonomously.
What to consider before installing
This package misrepresents itself as documentation-only while containing many runnable scripts and modules that can manage daemons, auto-commit/push to Git, and access secret-vault and external LLM/vector services. Before installing or running anything: 1) Treat it as executable code, not just docs. 2) Review the code paths named infrastructure/auto_git.py, infrastructure/daemon_manager.py, scripts/*.sh and any files referencing 'git', 'push', 'remote', 'requests', 'urllib', 'subprocess', 'os.environ', or 'get_secret'. 3) Search the repository for hard-coded endpoints or tokens (grep for 'http', 'github', 'gitee', 'Token', 'authorization', 'remote -v'). AGENTS.md already mentions a token in git remote output — verify whether a token is actually embedded. 4) Do not run scripts on a machine with access to sensitive data or credentials; instead run within an isolated sandbox or container with no network and limited filesystem access. 5) If you expect a documentation-only skill, ask the publisher/owner for clarification and a minimal SKILL.md that matches the package contents; request removal of any auto-network/daemon code or explicit disclosure of required env vars and network endpoints. 6) If you must use it, perform a thorough code review or run static analysis and restrict the environment (no network, no credentials) when executing any of the supplied scripts.governance/rules/rule_engine.py:235
Dynamic code execution detected.
infrastructure/automation/event_trigger.py:210
Dynamic code execution detected.
orchestration/workflow_engine.py:91
Dynamic code execution detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
AI Agent / Systemvk97fygh979nqrpp57h7g66276584ahfgdocumentationvk97cstgec6aza90v9qqv47dn0n84mdc2latestvk97favk11wj0htk925g0tg6w9184zewz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.