Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AIMA Doctor
v0.2.7
Diagnose and repair OpenClaw when your agent is stuck, confused, or failing. One-command rescue for process health, config breakage, and device registration.
⭐ 1· 95·0 current·0 all-time
by guanjiawei @skyguan92
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (diagnose and repair OpenClaw) matches the runtime actions: the skill checks for a local helper and, if absent, downloads and runs a packaged runtime to perform repairs. Asking to place a helper under ~/.openclaw/tools/aima-doctor/ and to run it is proportionate to the stated purpose.
Instruction Scope
Instructions are narrowly scoped to checking/placing/executing the helper runtime and relaying user symptoms. The SKILL.md explicitly warns not to solicit remote shell one-liners and to keep tokens out of chat. However, the runtime is executed with a symptom string provided by the agent — the helper could access system state, so you should inspect the runtime before running if you have concerns.
Install Mechanism
This is instruction-only and the install step directs automatic download from a GitHub releases URL with an expected SHA256 checksum (good practice). A minor inconsistency: README references a different host (aimaservice.ai/doctor/runtime.zip) while SKILL.md points to the GitHub releases URL. Downloads from GitHub releases are common; extracting and executing an archive into the user's home is higher-risk but coherent for a repair runtime.
Credentials
The skill requests no environment variables or credentials and does not require unrelated secrets. The SKILL.md also admonishes keeping sensitive tokens out of chat. This is appropriate for a local repair tool.
Persistence & Privilege
The skill writes the runtime under ~/.openclaw/tools/aima-doctor/ and executes it, which is normal for a helper. always is false and agent autonomous invocation remains allowed (platform default). There is no indication the skill modifies other skills or system-wide settings, but the downloaded runtime will run arbitrary code locally — that persistence and privilege should be acknowledged.
Assessment
This skill appears to do what it says: download a packaged helper and run it to diagnose and repair OpenClaw. Before installing, verify the release/source:
1) Confirm the GitHub repository and homepage URLs are legitimate and match the vendor you trust.
2) If the installer runs automatically, prefer the SHA256 verification step and manually verify the checksum yourself.
3) Note README references a different download host — prefer the canonical release location you trust and avoid ambiguous mirrors.
4) Inspect the extracted runtime (run.sh / run.ps1) before executing, or run it in a sandbox/VM if you're unsure.
5) Never paste secrets into chat unless explicitly asked and you understand why; follow the skill's guideline to keep tokens out of normal chat.
If you want greater assurance, request the runtime source code or a signed release from the publisher before proceeding.
Like a lobster shell, security has layers — review code before you run it.
diagnosis · health · latest · recovery · repair · troubleshooting
Runtime requirements
OS: macOS · Linux · Windows
