ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Safety Verifier

v0.1.1

Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...

0· 313·0 current·0 all-time
by@ttttstc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the code and files: analyzer.py implements code-pattern scanning, dependency vulnerability checks against GitHub Advisory API, permission analysis and a risk scoring renderer. The presence of setup.py, CLI entry point, and documentation is consistent with a local analysis tool.
!
Instruction Scope
SKILL.md/README describe cloning a target skill and scanning its files and dependencies, which matches analyzer.py's scanning behavior. However there is a notable contradiction: README claims SSL verification is used by default, while analyzer.py explicitly disables SSL certificate verification (ssl.CERT_NONE) when calling the GitHub Advisory API. That weakens the security guarantees of a tool whose purpose is vetting security.
Install Mechanism
Registry has no install spec, but the package includes setup.py and instructions to pip install or wget individual files. The install approach uses standard pip/setuptools and a small requirements.txt (requests). No high-risk download-from-unknown-host patterns are present in the manifest; however README suggests direct wget from raw.githubusercontent.com which is common but should be used carefully.
Credentials
The skill declares no required environment variables or elevated credentials. It writes cache to ~/.cache/skill-safety/ (expected for advisories cache). The tool scans repository files (including SKILL.md, package.json) which is necessary for its purpose and does not request unrelated secrets.
Persistence & Privilege
No always:true, no special OS-level privileges requested. Installing via pip would create a console script and a cache directory — standard for a CLI tool. It does not attempt to modify other skills' configs or request permanent platform privileges.
Scan Findings in Context
[ssl_disable_verification] unexpected: analyzer.py creates an SSL context with ctx.check_hostname = False and ctx.verify_mode = ssl.CERT_NONE when fetching advisories, which disables certificate verification and is inconsistent with a security tool's intent.
[external_api_call_github_advisories] expected: The code queries https://api.github.com/advisories for vulnerability data — this is expected for a vulnerability-checking tool. The use should be done with proper TLS verification and optional authenticated requests for higher rate limits.
[dangerous_pattern_strings] expected: The code contains regex lists for exec/eval/subprocess/os.environ/http patterns because the analyzer scans target skills for these dangerous constructs — this is expected.
[console_script_entrypoint] expected: setup.py defines a console script entry point (skill-safety-check=analyzer:main), which is normal for a CLI tool and matches README usage examples.
[requirements_mismatch] unexpected: requirements.txt includes 'requests>=2.28.0' but analyzer.py uses urllib.request for advisory fetching; requests may still be used elsewhere or intended for optional features — minor inconsistency.
What to consider before installing
This tool appears to implement the vetting functions it advertises, but do not run it on sensitive networks or with privileged access until you address the TLS issue. Ask the author why SSL verification is disabled (and prefer a version that keeps certificate verification enabled). Before installing or using: 1) Inspect analyzer.py (the fetch_advisories code) and patch it to enable certificate verification (remove CERT_NONE). 2) Run the analyzer in an isolated environment/container with limited network access. 3) Consider providing a GitHub token for authenticated advisory queries. 4) Review any output the analyzer produces (it writes a cache to ~/.cache/skill-safety/). If you are not comfortable editing code, avoid installing or only run on isolated test hosts.

Like a lobster shell, security has layers — review code before you run it.

latestvk9723fx11x81124pyqrz02fx5d822vgw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments