ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

LeSecure Local/On-Prem

v1.0.1

LESecure Local/On-Prem — encrypt and decrypt data, files, and folders using the LE desktop tool with layered locks (pin, password, MFA, time lock, geo-locati...

0· 31·0 current·0 all-time
byLadhe's Encryption - LE@spalgorithm
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (local on‑prem encryption) matches the instructions: all operations invoke a local LE binary, use local plaintext or files, and explicitly avoid cloud file/folder encryption. There are no unrelated required env vars, binaries, or install steps.
Instruction Scope
The SKILL.md instructs the agent to execute the LE binary and to run Python (or date) for timezone-aware timestamps; it also mandates always using EST/EDT and prescribes exact flags (including destructive flags only after explicit user confirmation). Two noteworthy points: (1) location queries are handled by running `LE -7` and returning its output when the user asks 'where am I' — this will expose device location to the conversation and the skill does not require a separate explicit permission beyond the user query, and (2) the skill assumes Python 3 and zoneinfo/timezone data are available, which may not hold on all systems. These are functional design choices rather than incoherences, but they have privacy and availability implications.
Install Mechanism
There is no install spec and no code files; the skill is instruction‑only and relies on an existing local LE binary and Python. This minimal footprint is appropriate for a tool that wraps a local desktop binary.
Credentials
The skill requests no credentials or config paths. It optionally respects an LE_BIN environment variable to locate the binary, which is proportionate and expected for a wrapper around a local executable.
Persistence & Privilege
The skill is not always-enabled and does not request system persistence or modify other skills/config. Autonomous invocation is allowed by default (platform normal), which is reasonable for a user-invoked local tool wrapper.
Assessment
This skill is a local wrapper that runs your LE desktop binary and uses Python/date to compute EST/EDT timestamps. Before installing or using it: (1) ensure the LE binary on your PATH (or the path you provide) is the legitimate vendor binary — do not point LE_BIN at an arbitrary program; (2) be aware that asking 'where am I' will cause the skill to run `LE -7` and return your device's location — only use that if you want location revealed in the chat; (3) the skill enforces EST/EDT for time locks (intentional but may be surprising if you operate in other timezones); (4) the skill will require Python 3 with zoneinfo/tzdata for its time computations, or it will fall back to date variants; and (5) destructive flags (-c, -j) are protected by explicit confirmation, but always double-check before confirming deletion. If any of these behaviors are unacceptable (especially location disclosure or forcing EST/EDT), do not enable the skill or request changes from the developer.

Like a lobster shell, security has layers — review code before you run it.

AIvk9721z6gcznx4d0ga215sf04d584wc8yQuantumvk9721z6gcznx4d0ga215sf04d584wc8yclaudevk9721z6gcznx4d0ga215sf04d584wc8ycodexvk9721z6gcznx4d0ga215sf04d584wc8ycybersecurityvk9721z6gcznx4d0ga215sf04d584wc8ydatavk9721z6gcznx4d0ga215sf04d584wc8ydatabasevk9721z6gcznx4d0ga215sf04d584wc8ylatestvk978ynq5a0ftrnf5hvk1vyh3kn84xw34location lockvk9721z6gcznx4d0ga215sf04d584wc8ymfavk9721z6gcznx4d0ga215sf04d584wc8yotpvk9721z6gcznx4d0ga215sf04d584wc8ypasswordvk9721z6gcznx4d0ga215sf04d584wc8ypinvk9721z6gcznx4d0ga215sf04d584wc8ysecurevk9721z6gcznx4d0ga215sf04d584wc8ytime lockvk9721z6gcznx4d0ga215sf04d584wc8y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments