Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

inputshield

v1.0.1

Input validation & sanitization scanner -- catches missing validation, unsafe deserialization, ReDoS, path traversal, command injection, and XSS patterns

Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill's name and description (input validation scanner) match the provided files and runtime behavior: a dispatcher, an analyzer, pattern definitions, and license checking. The required binaries (git, bash, python3, jq) and the single primary credential (INPUTSHIELD_LICENSE_KEY) are appropriate for local scanning, config parsing, and license validation. The brew install of lefthook is consistent with the described git-hook integration.
Instruction Scope
SKILL.md instructs the agent to run local shell scripts that discover source files, run grep-based regex patterns, produce reports, and optionally install lefthook hooks. The runtime scripts only read project files and the declared config path (~/.openclaw/openclaw.json) for license lookup. There are no instructions to send data to external endpoints or to read unrelated system credentials. One minor note: license.sh will try to run local python/node/jq to parse the OpenClaw config, and it accepts an environment-variable override for the license key.
Install Mechanism
Install is limited to recommending/using the lefthook brew formula (a common git hook manager). There are no downloads from untrusted URLs and no archive extraction steps in the provided install spec. The installer copies a lefthook.yml into the repository when hooks are installed, which is expected for pre-commit hook integration.
Credentials
Only one primary credential is required (INPUTSHIELD_LICENSE_KEY), which is justified by the Pro/Team licensing model. The scripts also read the declared config path (~/.openclaw/openclaw.json) to find a stored apiKey. License validation optionally uses CLAWHUB_JWT_SECRET (only for signature verification); it is not listed as required in the metadata and is harmless when present, since it only tightens license verification.
Persistence & Privilege
The skill is not always-enabled and is user-invocable (normal). Installing hooks will write or modify lefthook.yml in the repository and run lefthook install, which is expected behavior. Note: the lefthook hook configuration sources scripts from the skill directory (INPUTSHIELD_SKILL_DIR or ~/.openclaw/skills/inputshield) at commit time. This means the hook executes whatever code exists at that path when triggered, so ensure the skill install location is trusted and not writable by untrusted parties.
Assessment
What to consider before installing:
- The skill appears to be what it claims: a local, grep/regex-based scanner with an optional paid license. The single required secret (INPUTSHIELD_LICENSE_KEY) is proportionate to the license checks.
- License handling: the scripts look in ~/.openclaw/openclaw.json for a stored apiKey and may invoke local python/node/jq to parse that file. If you prefer, set INPUTSHIELD_LICENSE_KEY as an environment variable instead of storing it in the config.
- Pre-commit hooks: installing hooks will copy or modify lefthook.yml in your repo and run lefthook install. The hooks source the skill scripts from the skill installation directory at commit time, so ensure that directory is trusted and not writable by others, because the hooks execute code from there every time you commit.
- No telemetry or network calls were found in the provided scripts, but the source is listed as "unknown" in the registry metadata. If you do not already trust the publisher, inspect the shipped scripts (dispatcher.sh, analyzer.sh, license.sh, patterns.sh) before running installs or enabling hooks.
- Functional note: detection is regex-based and may produce false positives; review findings before taking automated action.
If you install, prefer running a one-shot scan first (no hooks) to validate behavior and outputs.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
- scripts/patterns.sh:259: Shell command execution detected (child_process).
- scripts/patterns.sh:270: Dynamic code execution detected.


Version: latest (vk977q1r4zj9afa1h9qeybc6ped84v8ec)

License

MIT-0
Free to use, modify, and redistribute. No attribution required.

Runtime requirements

🛡️ Clawdis
OS: macOS · Linux · Windows
Bins: git, bash, python3, jq
Primary env: INPUTSHIELD_LICENSE_KEY

Install

Install lefthook (git hooks manager)
Bins: lefthook
brew install lefthook
