Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

EdgeIQ Network Scanner

v1.0.0

Performs authorized TCP port scanning, service banner grabbing, OS fingerprinting, and host discovery using pure Python without nmap on Windows/WSL/Linux.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the included Python scanner and a Discord wrapper. The code implements host discovery, TCP connect scanning, banner grabbing and heuristics for OS fingerprinting — consistent with the declared purpose. Minor mismatch: SKILL.md installation path (~/.openclaw/skills/network-scanner) differs from the Discord wrapper's hard-coded SCRIPT_PATH (/home/guy/.openclaw/workspace/apps/network-scanner/scanner.py), which would break or cause unexpected behavior if not corrected.
Instruction Scope
SKILL.md instructions stay within scanning functionality (how to run scanner, scan depths, legal notice). The discord_network_command wrapper executes the scanner via subprocess.run which is expected. Watchpoints: the wrapper uses a fixed filesystem path to the scanner which can cause it to execute a different file than the one the user placed in their skills folder; the scanner's get_local_networks uses a subprocess call to `ip` and a fallback that may auto-detect and scan local networks — this is expected for a scanner but increases the chance of unintentionally scanning local subnets if used carelessly.
Install Mechanism
No external install/spec is provided and the code claims to be pure-stdlib Python; no remote downloads or package installs are required. This lowers supply-chain risk. The skill is instruction-only for installation but includes bundled code files (scanner.py and a Discord wrapper) that will run locally.
Credentials
The skill requests no environment variables, no credentials, and no special config paths. The scanner uses only local system calls and sockets — credential requests would be disproportionate, but none are present.
Persistence & Privilege
always is false and the skill does not request persistent/privileged platform presence. It runs as an on-demand script invoked by the wrapper; no evidence it modifies other skills or system-wide configuration.
What to consider before installing
This package appears to implement the advertised scanner, but take these precautions before installing or running it:
1) Inspect the full scanner.py file (the provided content was truncated) to ensure there are no hidden network callbacks or telemetry that would exfiltrate scan results.
2) Fix the hard-coded SCRIPT_PATH in discord_network_command.py or ensure you place the scanner at that exact path; otherwise the wrapper may fail or run an unexpected file.
3) Be aware the tool can automatically discover local networks (get_local_networks) — if you run commands like `!net local` it may scan subnets you didn't intend; use explicit targets when testing.
4) Confirm there are no embedded hard-coded endpoints, API keys, or upload/telemetry code (the SKILL.md mentions pro features like Slack/Telegram/ClawHub delivery but no implementation was visible — verify whether those are present in the full source).
5) Only run against networks you own or have explicit permission to scan.
If you want higher assurance, ask the publisher for a full source dump and verify there are no network callbacks or obfuscated code; given the truncated review, that would change my confidence to high.
scanner.py:140
Potential obfuscated payload detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.
