Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
skill-isolator
v1.0.0
Project-based skill isolation and management. Enables different projects to use different skill sets with automatic loading based on current working director...
⭐ 0 · 279 · 0 current · 0 all-time
by Criss_Su (@sucriss)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description align with the included scripts (init, validate, sync) and the file layout. However, the runtime code invokes an external 'clawhub' CLI to install skills even though the skill metadata does not declare any required binaries; the SKILL.md and examples also reference git/url sources and optional auth (GITHUB_TOKEN) even though git/url support is 'not yet implemented' in the sync script. These are inconsistencies between claimed capabilities and actual implementation or declared requirements.
Instruction Scope
SKILL.md instructs the agent/user to create project config files and run the provided scripts. The scripts scan up to 10 parent directories for .openclaw-skills.json, read/write cache and log files under ~/.openclaw (or the APPDATA path), and call external installers. The SKILL.md promises 'automatic' loading on project enter; the repo only provides scripts and configuration options for autoSync, but no background hook/daemon, so auto-sync would need a shell or agent integration to run the sync script on directory change. The scripts access typical environment variables (HOME, APPDATA, USERPROFILE) and filesystem paths, which is expected for this functionality.
Install Mechanism
There is no remote install specification (no downloads or extract steps). All code is included in the package and the sync script runs local actions and calls the external 'clawhub' command. This is low-risk from an installation artifact perspective, but runtime exec of external commands is present.
Credentials
The package declares no required environment variables, but the scripts read standard environment variables (HOME, APPDATA, USERPROFILE) to determine cache/skill/log locations — this is reasonable. Example configs and validate logic reference an 'auth' object that can point to an env var (e.g., GITHUB_TOKEN) for git sources; the code currently logs that git/url support is unimplemented but the presence of that example means a user could add auth/env-based settings later. The inconsistency is that the skill does not explicitly state it may use credentials for git or other sources.
Persistence & Privilege
The skill does not request always:true or modify other skills' configs. It writes cache and logs to ~/.openclaw and installs skills into ~/.openclaw/skills — that is expected for its purpose. Autonomous invocation by the model is enabled by default on the platform, but the skill itself is implemented as CLI scripts; there's no evidence it autonomously registers a persistent background service. The SKILL.md's 'auto-sync on project enter' is a configuration feature, not an implemented background watcher in the code.
What to consider before installing
What to check before using this skill:
- The sync script runs 'clawhub install <skill>' via execSync. Make sure you have the 'clawhub' CLI installed and trust it before running the sync script; the skill does not declare this as a required binary in its metadata.
- The scripts will read and write files under your home directory (e.g., ~/.openclaw/cache, ~/.openclaw/logs, ~/.openclaw/skills). If you prefer not to have those paths written, review/modify the code first.
- Example config mentions GitHub token (GITHUB_TOKEN) for git sources; if you later enable git/url sources you may need to expose credentials. The current sync script reports git/url as 'not yet implemented', but the validate/example files reference auth, so be cautious if you edit configs to include credentials.
- SKILL.md says skills will 'auto-sync on project enter' — the package provides flags and config options but no background watcher; you'll need to wire the sync script into your shell, editor, or agent to get automatic behavior.
- Recommended actions: inspect the scripts locally (they are small and readable), run validate-config.js on any config you create, and run sync-project-skills.js in a test directory first to observe what it writes and what external commands it invokes. If you do not want the 'clawhub' dependency or any network installs, avoid running the sync script or remove/modify the installFromClawhub function.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
- scripts/sync-project-skills.js:135: Shell command execution detected (child_process).
Tags: configuration, isolation, latest, multi-source, openclaw, productivity, project-management