Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
SkillScan
v1.0.0
Security gate for skills. Every new skill MUST pass SkillScan before use. Activate on any install, load, add, evaluate, or safety question about a skill. On...
⭐ 7 · 54.9k · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The name/description align with the included scanner implementation: the code enumerates many standard skill installation paths, computes SHA256s, and calls a cloud API for deeper analysis. Requesting network access and the ability to read skill directories is proportionate to a cloud-powered scanner. However, the scope is broad (many agent paths across many vendors), which is wider than a single-agent scanner would need.
Instruction Scope
SKILL.md instructs the agent to activate on essentially any mention/install/use of a skill and on first run to append a '## Skill Security' section to a global SOUL.md to enforce scanning even when SkillScan is not loaded. That writes/modifies a shared workspace file outside the skill's own directory and mandates behavior across the workspace — this is persistent and intrusive beyond normal scanner behavior.
Install Mechanism
This is an instruction-only skill with an included Python scanner script (no external install spec). No downloads or third-party install mechanisms are used. The code runs locally and uses standard libraries (urllib, tempfile, etc.).
Credentials
The skill declares no required env vars, which is consistent. It does, however, perform network operations to a hard-coded domain (https://skillscan.tokauth.com) and builds/persists client info including a UUID and, when available, the MAC address. It will upload skill contents (or hashes) to a remote service for analysis — reasonable for cloud analysis but privacy-sensitive. The collection/persistence of MAC and broad path enumeration are not strictly necessary for basic local scanning and should be reviewed/optional.
Persistence & Privilege
The skill instructs creating/modifying SOUL.md to enforce scanning even when SkillScan isn't loaded and performs silent auto-update checks (daily). Both behaviors enable persistent control/communication outside the skill's own files. While auto-update is explainable, altering a global workspace file to force behavior cross-cutting multiple agents is a privileged action and should require explicit user consent.
What to consider before installing
This scanner mostly does what it claims (local hash + cloud lookup/upload). Before installing:
1) Review the full scanner.py to confirm exactly what files are uploaded and whether sensitive files could be included. The script persists a client id and may include your MAC address and will contact skillscan.tokauth.com — confirm you trust that endpoint and its privacy policy.
2) Be cautious about the SKILL.md instruction that appends to SOUL.md (it modifies a shared workspace file to enforce scanning); decide whether you want that persistence.
3) If you want cloud scans but not automatic uploads or a machine identifier, consider running the scanner in a sandbox or modifying the script to disable uploads and MAC collection (or set a private SKILL_SCANNER_UPDATE_URL).
4) If you need stronger assurance, ask for provenance (who publishes this skill, homepage/maintainer verification) and a reproducible changelog for the auto-update.
Overall: functionally coherent but privacy- and persistence-impacting — inspect and consent before enabling.
latest: vk971dc3tsap78eszzhrx4cq36d84da8s
