ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Paid Bash Security V1.1

v1.1.1

23-validator bash security chain validated in production Claude Code deployments. Every check closed a real attack vector.

0· 25·0 current·0 all-time
by~K¹yle Million@thebrierfox
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's description asserts it 'installs a 23-validator bash security chain' and 'activates on every exec', but the package contains only SKILL.md (no code, no scripts, no BASH_SECURITY_ARCHITECTURE.md despite referencing it). There is no install spec, no binaries, and no files that could implement runtime validators — i.e., the requested/available artifacts do not support the claimed capability.
!
Instruction Scope
Runtime instructions tell the user to copy SKILL.md into ~/.openclaw/workspace/skills/... and to change the agent system prompt (SOUL.md) to enable 'strict' enforcement. The instructions claim behavioral changes (validator intercepts every exec) but provide no code or guidance that would actually implement those validators. They do not request unrelated secrets or files, but they misleadingly instruct the user to update persistent agent configuration for a feature that isn't present.
Install Mechanism
There is no install spec and no code files — from an installation-risk perspective this is low risk (nothing will be downloaded or executed). However, low technical risk here is overshadowed by the mismatch between claims and contents.
Credentials
The skill declares no required environment variables, credentials, or config paths. It does ask the operator to edit the agent system prompt (SOUL.md), which is a normal configuration change for behavior, but it does not request secrets or unrelated credentials.
Persistence & Privilege
The skill does not set always:true and is user-invocable (defaults). It instructs changing the agent's SOUL.md to enable enforcement mode — that is a persistent change to agent behavior and should be done cautiously. Autonomous invocation is allowed by default (not a specific red flag), but combining persistent system-prompt changes with the claimed automatic interception behavior is problematic because the validators that would enforce that behavior are absent.
What to consider before installing
This package is an instruction-only document that claims to install a 23-validator runtime security chain but contains no validator code or architecture file it references. Do not rely on it for real protection. Before installing or changing your agent's SOUL.md to 'strict': - Demand the actual implementation: request the BASH_SECURITY_ARCHITECTURE.md and the validator scripts or a verifiable install package (GitHub repo or signed release). Verify code existence and review it. - If you want to experiment, keep enforcement in 'audit' mode only and test in a safe environment; do not enable strict blocking until you can confirm validators are present and functioning. - Verify the skill's source and homepage; this package has unknown source and no homepage — treat it as untrusted until provenance is established. - Prefer obtaining security validators from an auditable repository or a vetted vendor rather than a document that only instructs you to edit agent prompts. If the author supplies the missing files and an auditable install mechanism, re-evaluate for coherence and safety.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dr7zrytqdb4g3m72pv1ae95844tj6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments