Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Security Audit Standard - Automated Edition
v1.0.0. Automatically scans multiple file types in the workspace/skills directory, identifies risk keywords, generates a security audit report, and gives installation recommendations.
⭐ 0 · 37 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (high confidence)
Purpose & Capability
The name and description claim to scan the workspace/skills directory and produce a risk report; the bundled scan_skills.py implements exactly that (os.walk over /workspace/skills, substring keyword checks, a Markdown+JSON report). No extra environment variables, binaries, or external services are required.
Instruction Scope
Instructions and script read every file under /workspace/skills for listed extensions and produce local reports in /workspace. This is consistent with purpose but means the skill will read any sensitive data stored in that directory. Detection is done by simple substring matching (kw in content) rather than robust parsing, which causes likely false positives (comments/strings) and false negatives (obfuscated patterns). The whitelist logic is filename-based (SAFE_PATTERNS) and can be bypassed by a maliciously named file; the scanner does not attempt deeper static analysis or network sink detection.
Install Mechanism
No install spec and no external downloads. The skill is instruction-only with a bundled Python script that runs in-place. No packages are installed and no archives are fetched.
Credentials
The skill requests no credentials or env vars, which is proportional. However, it requires read access to /workspace/skills (and will open many files), which is necessary for its purpose but means it can see any secrets or tokens present in that directory. The SUSPICIOUS keyword list contains dangerous tokens (e.g., 'eval(', 'os.system') only as literals in the scanner — they are not executed by the scanner itself (expected).
Persistence & Privilege
Flags show always:false and normal autonomous invocation is allowed (platform default). The script writes only its own report files to /workspace and does not modify other skills or agent configuration. No elevated system privileges are requested.
Assessment
This skill appears to do what it claims: it reads files under /workspace/skills, searches for listed risky keywords, and writes a Markdown+JSON report to /workspace. Before installing or enabling it, consider: (1) it will read any secrets stored in /workspace/skills — ensure no sensitive credentials are there or rotate them after a scan; (2) substring matching is brittle: expect false positives (keywords in comments or docs) and some bypasses (obfuscated code or renamed files); (3) the filename-based whitelist can be abused by a file named to appear safe — review whitelist patterns if you rely on automatic exclusions; (4) run the scanner manually in a sandbox first (python3 scan_skills.py) to inspect the produced report and confirm it behaves as expected; (5) because it has read access to your skills directory, prefer running it in an environment with limited permissions or inspect its source (scan_skills.py) yourself — the code is short and readable. If you need, I can list exact lines where the scanner: (a) defines the keyword lists, (b) performs substring matching, and (c) writes the report so you can review them quickly.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scan_skills.py:18: Dynamic code execution detected.
Tags: audit, automation, chinese, latest, security, skills