Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
openclaw omni expert
v1.0.0OpenClaw全能专家系统;支持多种远程软件(UU/RustDesk/ToDesk/向日葵/RDP)、一键安装、TOP3专家诊断、全自动驾驶、Agent/Workflow编排、工具链配置、记忆系统、插件开发、监控运维、100+实战案例库和故障排查手册;用户说"安装 OpenClaw"、"配置 OpenClaw"...
⭐ 0· 60·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's code (many scripts) implements the advertised capabilities (UU/RustDesk/ToDesk/SunLogin/RDP control, autopilot, memory/knowledge, workflows). However the registry metadata declares no required binaries while the code expects many external CLI tools (ssh, scp, rustdesk, uu, todesk, sunlogin, anydesk, teamviewer, mstsc, etc.). SKILL.md lists only paramiko as a Python dependency though much of the code uses subprocess to call system binaries. This mismatch between declared requirements and actual runtime needs is an inconsistency.
Instruction Scope
SKILL.md and the scripts instruct running local scripts that: connect to remote hosts (via SSH or remote‑desktop CLIs), execute arbitrary commands remotely (uu exec, ssh commands), transfer files (scp, todesk/sunlogin transfer), capture screenshots, and perform automated clicks/keyboard input. The code also reads/writes local config paths (e.g., ~/.openclaw, APPDATA/*/RustDesk/config.toml, ~/.ssh references) and will persist learned cases and possibly credentials. These behaviours go beyond simple 'helper' scope and involve accessing and modifying sensitive local files and running arbitrary commands.
Install Mechanism
There is no remote download/install spec embedded in the registry entry (no external URLs). The skill is delivered as code files included in the package (no installer step shown). That reduces supply‑chain download risk compared to fetching arbitrary payloads at install time.
Credentials
The registry declares no required environment variables or primary credential, but the scripts access environment variables (e.g., APPDATA, HOME) and local config files. Some scripts (rustdesk_control.set_password) write passwords into application config files; others attempt to read stored passwords or SSH keys if provided. Requesting or using SSH private keys, reading local app config files, and modifying remote‑desktop configs are sensitive operations that are proportionally large relative to a simple assistant; the skill does not declare these needs up front.
Persistence & Privilege
always:false (no forced inclusion). disable-model-invocation is false (the skill may be invoked autonomously by the agent). Given the skill can initiate remote sessions, run commands, transfer files, and modify local app configs, autonomous invocation increases risk if left unrestricted. This is not a misconfiguration by itself, but it amplifies the impact of the other concerns.
What to consider before installing
This package appears to implement a full remote‑control/autopilot system and will access and persist local configuration (e.g., ~/.openclaw, APPDATA RustDesk config), can read/write passwords and SSH keys (if given), and runs many external CLI commands (ssh, scp, rustdesk, uu, todesk, sunlogin, mstsc, etc.). Before installing or running it: 1) Review the code (especially files like rustdesk_control.py, remote_desktop_control.py, autopilot.py, install_openclaw.sh) to confirm there are no unexpected remote endpoints or hidden uploads; 2) Do not supply real SSH private keys or admin credentials — use throwaway accounts/VMs for testing; 3) Expect the tool to create and modify files under your home directory (learned cases, configs) and possibly append passwords to app config files; 4) If you need to run it, prefer an isolated sandbox or VM and restrict network access until you trust it; 5) Ask the publisher to update the registry metadata to list required binaries and explain precisely what config paths it will read/write and why. These steps will reduce the risk of accidental credential exposure or unintended remote actions.Like a lobster shell, security has layers — review code before you run it.
latestvk978b92h19mn1jrjhsr8f1x6s584c4zg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.