Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ganglion

v0.1.0

Use for every task involving this project. Covers running Ganglion, its CLI commands, HTTP bridge API, pipeline execution, knowledge queries, configuration,...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the declared requirements: python3 and the ganglion CLI are appropriate for a CLI/HTTP-bridge operator skill. The LLM_PROVIDER_API_KEY is justified by the LLM client requirements documented in configuration.md.
Instruction Scope
SKILL.md instructs the agent to run local CLI commands and to call the local HTTP bridge; it documents endpoints that can read project source files (/v1/source) and accept mutations that write Python code (POST /v1/tools, /v1/agents, /v1/prompts, PATCH /v1/pipeline). Those behaviors are coherent with the stated purpose (managing pipelines and registering tools), but they expand the agent's runtime scope to reading project files and persisting user-provided code — operations with real security implications. The docs also reference GANGLION_PROJECT/GANGLION_URL conventions and only the declared LLM_PROVIDER_API_KEY environment variable.
Install Mechanism
No embedded install step in the skill bundle (instruction-only). SKILL.md recommends 'pip install ganglion' — a normal public packaging mechanism. No downloads from arbitrary URLs or archive extraction are present in the skill bundle.
Credentials
Only LLM_PROVIDER_API_KEY is required and explicitly documented as used by the LLM client. No unrelated credentials or secret environment variables are requested. The SKILL.md also mentions GANGLION_PROJECT and GANGLION_URL as conventions (not secret keys).
Persistence & Privilege
The skill is flagged always: true in metadata, which force-includes it in every agent run. Combined with documented mutation endpoints that allow writing arbitrary Python code into project directories and reading project source files, this increases the blast radius if the skill or its code is compromised. The SKILL.md does describe validation and blocked imports for uploaded code, but always: true is a significant privilege and lacks explanation/justification in the doc.
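The two findings the scanner leans on here, an always-enabled skill and instructions that teach the agent code-writing endpoints, can be checked mechanically before a bundle is installed. The following is an added example, not ClawHub's scanner or OpenClaw's skill loader: it assumes a SKILL.md whose frontmatter is YAML-style key: value lines with structured metadata as an inline JSON object (that layout is an assumption), and the sample SKILL.md embedded in it is constructed from the facts stated in this report.

```python
"""Pre-install audit of a skill bundle's SKILL.md.

Added example: this is not ClawHub's scanner or OpenClaw's skill loader.
The frontmatter layout (YAML-style key: value lines, with a JSON object on
the metadata line) is an assumption; the sample below is constructed from
facts stated in the scan report.
"""
import json
import re

# Frontmatter is the block between the first two '---' lines; the rest is the body.
FRONTMATTER_RE = re.compile(r"\A---\n(.*?)\n---\n?(.*)\Z", re.S)
# Any "METHOD /vN/path" mention in the instructions the agent will follow.
ENDPOINT_RE = re.compile(r"\b(GET|POST|PUT|PATCH|DELETE)\s+(/v\d+/[\w/{}.-]*)")
MUTATING = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed SKILL.md (assumed layout; contents taken from the scan report).
SAMPLE_SKILL_MD = """---
name: ganglion
description: Use for every task involving this project. Covers running Ganglion and its HTTP bridge API.
metadata: {"openclaw": {"always": true, "requires": {"bins": ["python3", "ganglion"], "env": ["LLM_PROVIDER_API_KEY"]}}}
---
# Ganglion

Install with pip install ganglion. Set GANGLION_PROJECT and GANGLION_URL as needed.

HTTP bridge:
- GET /v1/source reads project source files
- POST /v1/tools registers a tool written as Python code
- POST /v1/agents, POST /v1/prompts persist user-provided code
- PATCH /v1/pipeline edits the pipeline
"""


def parse_frontmatter(text: str):
    """Split SKILL.md into a frontmatter dict and the instruction body."""
    match = FRONTMATTER_RE.match(text)
    if not match:
        raise ValueError("SKILL.md has no frontmatter block")
    meta = {}
    for line in match.group(1).splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        value = value.strip()
        # Assumption: structured metadata is serialised as inline JSON.
        meta[key.strip()] = json.loads(value) if value.startswith("{") else value
    return meta, match.group(2)


def find_key(obj, wanted: str):
    """Depth-first lookup of a key anywhere inside nested dicts and lists."""
    if isinstance(obj, dict):
        if wanted in obj:
            return obj[wanted]
        children = obj.values()
    elif isinstance(obj, list):
        children = obj
    else:
        return None
    for child in children:
        found = find_key(child, wanted)
        if found is not None:
            return found
    return None


def audit_skill(text: str) -> dict:
    """Summarise the privilege a skill asks for and the endpoints it teaches the agent."""
    meta, body = parse_frontmatter(text)
    requires = find_key(meta, "requires") or {}
    calls = {f"{method} {path}" for method, path in ENDPOINT_RE.findall(body)}
    return {
        "name": meta.get("name"),
        "always": find_key(meta, "always") is True,
        "bins": list(requires.get("bins", [])),
        "env": list(requires.get("env", [])),
        "read_endpoints": sorted(c for c in calls if c.split()[0] not in MUTATING),
        "mutating_endpoints": sorted(c for c in calls if c.split()[0] in MUTATING),
    }


def install_decision(report: dict) -> str:
    """Policy mirroring the report: always-on plus code-writing endpoints needs a human."""
    if report["always"] and report["mutating_endpoints"]:
        return "block: always-enabled skill that documents mutating endpoints; disable always or review"
    if report["env"]:
        return "review: requires secrets " + ", ".join(report["env"])
    return "allow"


if __name__ == "__main__":
    report = audit_skill(SAMPLE_SKILL_MD)
    for key, value in report.items():
        print(f"{key}: {value}")
    print(install_decision(report))
```

Run against the constructed sample, the report shows always: true, the two declared binaries, the single secret, one read endpoint and four mutating ones, and the policy returns a block verdict; the same script pointed at a real bundle's SKILL.md is a cheap gate to run before the skill is ever force-included in a session.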
What to consider before installing
This skill appears to be what it claims, a Ganglion operator manual, and needs python3, the ganglion CLI, and an LLM API key. However:
- The skill is marked always: true; that forces it into every agent session and amplifies risk. Consider removing or disallowing always-enabled skills unless you trust them.
- The documented HTTP bridge can read project files and accept mutations that write Python code. Even with validator rules and blocked imports, uploaded code runs in the same process and can introduce vulnerabilities. Only use this skill with projects you control, and inspect incoming code before accepting it.
- Limit exposure of your LLM API key (use a dedicated key with minimal billing/privileges or rate limits) and run Ganglion in an isolated environment (container, restricted network) if possible.
- Verify the actual ganglion package source (pip/GitHub release) and review the ganglion CLI and server code before installing or exposing GANGLION_URL to remote networks.
If you want to proceed safely: do not enable always: true, run the skill in sandboxed agents, audit any registered tools/agents before they are persisted, and keep backups of project files.
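The second point above, that validator rules and blocked imports do not make in-process execution safe, is worth seeing concretely. The following is an added illustration and does not model Ganglion's actual validator, which this page does not show: it implements a generic AST-based "blocked imports" check of the kind such validators use, a stricter check for dynamic import sites, and then executes a constructed uploaded snippet in the host interpreter the way the report says registered tool code runs. Both snippets are constructed for the example.

```python
"""Why a source-level import denylist is not an isolation boundary.

Added illustration, not Ganglion's validator (the page does not show that
code). It models a generic AST "blocked imports" check, a stricter check
for dynamic import sites, and then executes an uploaded snippet in-process,
the way the scan report says registered tool code runs.
"""
import ast
import os

# Modules a naive validator refuses to see in import statements.
BLOCKED_MODULES = {"os", "subprocess", "sys", "socket", "shutil", "ctypes"}

# Names that reach the same capabilities without any import statement.
DYNAMIC_IMPORT_NAMES = {"__import__", "importlib", "exec", "eval", "compile"}

# Constructed sample 1: a direct import; the denylist catches it.
DIRECT_SAMPLE = """
import os

def run():
    return os.getcwd()
"""

# Constructed sample 2: no import statement at all. The module is resolved at
# runtime through the __import__ builtin, so an import-node denylist sees nothing.
EVASIVE_SAMPLE = """
def run():
    return __import__("o" + "s").getcwd()
"""


def blocked_imports(source: str) -> list[str]:
    """Modules named in import / from-import statements that are on the blocklist."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            roots = [alias.name.split(".")[0] for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            roots = [(node.module or "").split(".")[0]]
        else:
            continue
        hits.extend(root for root in roots if root in BLOCKED_MODULES)
    return hits


def dynamic_import_sites(source: str) -> list[str]:
    """Names that can load a module or run code without an import statement."""
    return sorted(
        {node.id for node in ast.walk(ast.parse(source))
         if isinstance(node, ast.Name) and node.id in DYNAMIC_IMPORT_NAMES}
    )


def run_in_process(source: str):
    """Execute uploaded code in this interpreter and call its run() entry point.

    This is the trust model the scan report warns about: whatever the snippet
    can reach, the host process (and anything in its environment, such as
    LLM_PROVIDER_API_KEY) can reach too.
    """
    namespace: dict = {}
    exec(compile(source, "<uploaded-tool>", "exec"), namespace)
    return namespace["run"]()


def evasion_reaches_os() -> bool:
    """True if the evasive sample passes the denylist yet still calls os.getcwd()."""
    return (
        blocked_imports(EVASIVE_SAMPLE) == []
        and run_in_process(EVASIVE_SAMPLE) == os.getcwd()
    )


if __name__ == "__main__":
    for name, sample in (("direct", DIRECT_SAMPLE), ("evasive", EVASIVE_SAMPLE)):
        print(name, "blocked:", blocked_imports(sample),
              "dynamic sites:", dynamic_import_sites(sample))
    print("evasive sample reached os via the host process:", evasion_reaches_os())
```

The direct sample is rejected by the import denylist; the evasive one passes it and still obtains a handle to os once executed. Adding a second check for dynamic import sites catches this particular form, but every such denylist is a list of known spellings and the code still runs with the full privileges of the server process, which is why the report's advice is process-level isolation (a container or restricted network) and a human review of tool code before it is persisted, not a longer blocklist.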


latest: vk97dfq1yj1tmfkenrr967h8yzh82jph0


Runtime requirements

Clawdis
Bins: python3, ganglion
Env: LLM_PROVIDER_API_KEY
