Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Security Scanner

v1.0.1

Security audit tool for OpenClaw skills. Scans for credential harvesting, code injection, network exfiltration, obfuscation. ALWAYS run before installing any...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The SKILL.md and included shell scripts implement a static, pattern-based scanner for skills (network calls, credential file access, dynamic execution, base64, env access). The files present (audit.sh, audit-all.sh, preinstall-check.sh, allowlist/blocklist) are exactly what a simple local auditor would need; no unrelated cloud credentials, binaries, or config paths are requested.
Instruction Scope
Instructions are focused on running local audits and integrating a pre-install check. The auditor scans arbitrary skill directories (as intended) and prints matching lines; it does not send data externally. Note: the regexes are broad and will produce false positives (and may match comments or benign code). Also review the scripts before running, since they will read files you point them at and print matching lines (which could include secrets).
Install Mechanism
No install spec is provided (instruction-only with shipped scripts). That is low-risk from an install-network perspective. The provided scripts will be executed locally by the user/agent; they write to local blocklist/allowlist files in the skill directory, which is reasonable for a scanner.
Credentials
The skill requests no environment variables or credentials. The scripts use common environment values (HOME, provided skill path) only. There are no declared or hidden credential requirements.
Persistence & Privilege
always is false and the skill does not attempt to modify other skills' configs or system-wide agent settings. It does persist its own allowlist/blocklist files in its directory, which matches its purpose.
Assessment
This looks like a coherent local security auditor. Before running it: (1) review the shipped scripts yourself (they will execute locally and read files you point them at); (2) be aware the scanner uses broad regexes and can produce false positives—manually inspect any HIGH/CRITICAL matches; (3) confirm blocklist.txt and allowlist.txt are stored where you expect (they are in the skill directory) before trusting automatic writes; (4) note the SKILL.md advertises paid 'premium' links — unrelated to the audit functionality; (5) if you plan to run this automatically in agents, treat it like any third-party tool: run it in a trusted environment and consider code review or running in a sandbox first.

Like a lobster shell, security has layers — review code before you run it.

latestvk9717x6r08tbp89vvsb7zrnmhh81mmrt
