Fox Openclawmp
PassAudited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill Name: fox-openclawmp Version: 1.0.0 The bundle provides a comprehensive CLI tool and agent instructions for interacting with the OpenClaw Marketplace (openclawmp.cc). The code implements standard package management functionality, including searching, installing, and publishing agent assets (skills, plugins, triggers, etc.). While the tool utilizes shell commands (tar/unzip) for archive extraction and manages authentication tokens, these actions are transparently documented and necessary for its stated purpose. The SKILL.md instructions guide the AI agent through registration and marketplace operations, maintaining user involvement for OAuth authorization and lacking any indicators of malicious intent, data exfiltration, or harmful prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the bundled CLI is used on a crafted path, local shell commands could run unexpectedly during publishing.
The CLI builds a shell command using a user-selected path rather than a safer non-shell API, which can be unsafe if paths contain shell-breaking characters.
let skillDir = args[0] || '.'; skillDir = path.resolve(skillDir); ... execSync(`tar czf "${tarball}" -C "${skillDir}" .`, { stdio: 'pipe' });Use safer process APIs such as execFile/spawn with argument arrays, validate paths, and avoid shell interpolation for tar/unzip operations.
A user or agent could accidentally publish private files such as .env files, credentials, local notes, or repository metadata.
Publishing packages every file under the selected directory, with no visible exclusions or file-list review before upload.
execSync(`tar czf "${tarball}" -C "${skillDir}" .`, { stdio: 'pipe' });Before publishing, review the directory contents manually; the CLI should add default secret exclusions and show an explicit file list before upload.
The global CLI can change over time and npm installs may execute package lifecycle code.
The skill directs users/agents to install and keep updating a global npm package to the latest version, which is normal for a CLI but increases supply-chain exposure.
每次执行 openclawmp 操作前,先检查 CLI 是否为最新版本 ... 如果本地版本 < npm 最新版本 → 执行 `npm update -g openclawmp` ... `npm install -g openclawmp`
Verify the npm package provenance, consider pinning a known version, and avoid automatic global updates unless you trust the source.
Anyone with the token or authorized device may perform marketplace actions as the user or agent.
The skill uses API keys or device authorization for marketplace actions; this is expected for publishing and account operations but grants meaningful account authority.
认证:需要认证的端点传 `Authorization: Bearer sk-xxxxx`(API Key)或 `X-Device-ID: xxxxx`(设备授权) ... 凭证查找优先级:`OPENCLAWMP_TOKEN` 环境变量 → `~/.openclawmp/credentials.json`
Use only trusted API endpoints, protect tokens and credential files, and revoke credentials if the device or environment is shared.