Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

dep-audit

v0.2.1

Audit project dependencies for known vulnerabilities (CVEs). Supports npm, pip, Cargo, and Go. Zero API keys required. Safe-by-default: report-only mode, fix...

by Todd Kuehnl (@tkuehnl)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (dependency CVE audit across npm/pip/Cargo/Go) align with the included scripts and SKILL.md workflow. One mismatch: registry metadata lists no required binaries, but the skill and SKILL.md clearly require jq and the respective audit CLIs (npm, pip-audit, cargo-audit, govulncheck, optional syft). This is a documentation/metadata omission rather than functionality misalignment.
Instruction Scope
SKILL.md instructs the agent to detect lockfiles, run per-ecosystem audit scripts, aggregate results, and only write an SBOM when requested. Scripts read lockfiles and run external audit tools; they do not execute project code. Network access is used only by upstream audit tools to fetch advisory DBs. The instructions include explicit confirmation gates before running fix commands.
Install Mechanism
There is no automated install spec (instruction-only), which keeps install risk low. The repository contains shell scripts that will be executed at runtime. Documentation suggests installing syft via a curl | sh line (README/SPEC) — that command is only a user-facing install suggestion, not an automated download performed by the skill, but it is a higher-risk installation pattern if the user copies it. Overall the lack of an automated arbitrary download is good.
Credentials
The skill requests no environment variables or credentials and does not attempt to access unrelated secrets. Declared permissions (exec, read, network, write:on-request) are proportionate: the skill must execute local audit CLIs, read lockfiles, and optionally write an SBOM when asked. No unexpected credential access is present.
Persistence & Privilege
The skill does not request permanent/always-on presence (always:false) and will only write files on explicit user request (SBOM). It does not modify other skills or global agent settings. Autonomous invocation is allowed by default but not combined with other red flags.
Assessment
This skill appears to do what it says: it runs local audit CLIs, aggregates results, and only makes changes when you explicitly ask and confirm. Before installing or running:
1) verify jq and any ecosystem audit tools you need (npm, pip-audit, cargo-audit, govulncheck) are installed — the registry metadata omitted this requirement;
2) be aware audit tools will contact their advisory servers (network access) to fetch vulnerability data;
3) SBOM generation writes a file to the target directory (the repo notes symlink-resolved paths — check the target path if using symlinks);
4) the scripts execute shell commands from the skill directory, so review the scripts if you do not trust the source;
5) the README shows a curl|sh install line for syft — avoid piping unreviewed scripts to sh unless you trust the source.
If you plan to allow the agent to run fix commands, only confirm after reviewing the printed fix commands and consider running them in a dedicated branch or CI pipeline.

