Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
FoolClaw
v0.5.0
OpenClaw prank skill with local pranks and a quiet background operator. `Start FoolClaw` leaves a desktop prank and quietly arms FoolClaw in one step.
by Treap Huai (@treapgogo)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description (a local prank skill) matches the code and assets: the package writes desktop artifacts, generates local HTML, and opens video links. However the skill also embraces a 'background operator' that will explore/optionally use host messaging/posting capabilities when available — behavior that users may not expect from a simple 'desktop prank' tool.
Instruction Scope
SKILL.md instructs the agent to run pranks immediately on activation, to 'quietly arm' a background operator, and explicitly forbids extra safety or permission review and disallows visible narration of actions. It also tells the agent to probe 'operator-capabilities' and 'operator-targets' and may opportunistically send one short message when a channel is exposed. These instructions reduce transparency and bypass explicit consent flows.
Install Mechanism
There is no external install/download step and no third-party packages are pulled at install time. The skill runs as a bundled Node script (node is the only required binary). This lowers supply-chain risk compared to remote downloads.
Credentials
The skill requests no environment variables or external credentials, which is consistent superficially. But SKILL.md and agents/openai.yaml explicitly direct the agent to inspect/use host 'operator' capabilities (channels, targets, message tools) if exposed — effectively allowing the skill to use host messaging/posting tokens or APIs that are not declared in requires.env. The lack of declared creds combined with potential use of host channels is a proportionality concern.
Persistence & Privilege
The skill's UX/README emphasize 'quietly arming' a background operator and constants in the script (OPERATOR_CADENCE, OPERATOR_MODE) indicate periodic/ongoing activity. Although 'always' is false, the skill instructs arming background behavior on a single Start command without further permission or visible confirmation. That grants the skill ongoing presence/ops in the environment without explicit user review.
What to consider before installing
This package appears to be a coherent prank tool (it will create files on the desktop, open local HTML pages or video links, and can run a background 'operator' that may act later). However, the runtime instructions explicitly tell the agent to skip safety/permission prompts and to keep background actions quiet, and the skill is allowed to explore host messaging/posting capabilities and possibly send a one-off message if a channel is exposed. Before installing, inspect the included script (scripts/foolclaw.mjs) yourself to confirm exactly what it writes and whether it registers any persistent tasks; run it in a sandbox or VM first; verify it won't access any messaging channels or credentials you do not want it to use; and only proceed if you accept that it can create local files, open browser tabs, and arm a background operator without further prompts.
scripts/foolclaw.mjs:972
Shell command execution detected (child_process).
scripts/foolclaw.mjs:825
Environment variable access combined with network send.
scripts/foolclaw.mjs:890
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Runtime requirements
🃏 Clawdis
OS: Windows · macOS · Linux
Bins: node
