ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hub Client

v1.0.1

Service marketplace: publish data as services, consume hub services

0· 35·0 current·0 all-time
by@tangboheng
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with a service marketplace and the only declared env var (HUB_WS_URL) is appropriate. Required binaries (python, pip) and Python dependencies (websockets, aiohttp) are reasonable for a WebSocket-based hub client. Minor inconsistency: the registry shows no install spec, but SKILL.md includes a pip install hint (claw-service-hub).
!
Instruction Scope
SKILL.md gives runnable templates that register services able to read arbitrary files (list_files/read_file), call arbitrary external URLs, and import code from WORKSPACE_DIR by inserting it onto sys.path. Those instructions go beyond mere discovery/calling and enable exposing local filesystem contents and executing code from a user workspace; inputs are not sanitized in examples, so a remote caller could request sensitive files.
Install Mechanism
This package is instruction-only in the registry (no install spec), so nothing will be installed automatically. However SKILL.md contains pip-related metadata (install via pip: claw-service-hub and pip deps). If followed, that would pull code from PyPI (origin not explicit). Installing third-party pip packages is a moderate-risk action — review the package source before installing.
!
Credentials
Only HUB_WS_URL is declared, which is appropriate as the hub endpoint. However SKILL.md reads WORKSPACE_DIR (not declared) and suggests reading arbitrary filesystem paths (DATA_DIR) in examples. The skill's templates therefore reference environment/config locations outside the declared requirements and permit exposing local files — this is disproportionate unless the user intentionally wants to publish those files.
Persistence & Privilege
always is false and there is no indication the skill modifies other skills or system configuration. It does instruct running persistent service processes (LocalServiceRunner) but that is consistent with the purpose and requires user action.
What to consider before installing
This skill enables publishing local data as callable services and connecting to a remote hub; that is powerful but risky. Before installing or running it: 1) Verify and trust the HUB_WS_URL (the hub can call your published services and potentially request files). 2) Inspect any pip package (claw-service-hub) and the client code you plan to run — do not pip-install unreviewed packages from unknown sources. 3) Avoid registering file-reading handlers that access sensitive directories; restrict DATA_DIR to a safe folder and add path sanitization. 4) Be cautious about the sys.path insertion of WORKSPACE_DIR — it can cause execution of arbitrary code found in your workspace; either run services in an isolated environment or remove that behaviour. 5) If you only need to consume services, avoid running provider templates on systems with sensitive data. If you want a safer assessment, provide the actual pip package source (or repository) and a full list of runtime commands you intend to run so I can re-evaluate.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bph8e5fvedhv6nen5yt6ned84rajf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔌 Clawdis
Binspython, pip
EnvHUB_WS_URL
Primary envHUB_WS_URL

Comments