Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Windows Ollama

v1.0.0

Windows Ollama — run Ollama on Windows with fleet routing across multiple Windows PCs. Windows Ollama setup for Llama, Qwen, DeepSeek, Phi, Mistral. Route Ol...

by Twin Geeks @twinsgeeks
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md describes exactly the intended functionality (install Ollama, pip install ollama-herd, run herd and herd-node, open a router port, monitor nodes). That purpose explains the need for curl/wget and optional python/pip/nvidia-smi. However, the skill's declared required binaries do not list the 'herd'/'herd-node' or Ollama binaries it instructs you to run — the instructions instead tell the user to install them. This is a minor coherence mismatch (metadata doesn't enumerate the actual runtime binaries the instructions rely on).
! Instruction Scope
The instructions direct the user to run a pip install (fetch and execute third-party Python code), start a network service listening on port 11435, add a Windows Firewall rule to allow inbound connections, and read/write per-user environment variables and local fleet files (~/.fleet-manager/*). Those actions are within the stated purpose but broaden the attack surface: installing an external package and opening a listener on the local network can permit remote clients to send arbitrary inference requests to your machine and may process potentially sensitive data. The SKILL.md otherwise confines network calls to local endpoints and to trusted sites (ollama.ai, GitHub links).
Install Mechanism
There is no formal install spec in the skill bundle — it's instruction-only. It tells the user to run 'pip install ollama-herd' and to download Ollama from ollama.ai. Pip installing an external package is a normal but non-trivial action: it fetches and executes code from PyPI (or the package's index) and can install daemons/binaries. This is expected for the described functionality but increases risk compared to an instruction-only skill that requires only preinstalled tools.
Credentials
The skill does not request credentials or secrets and declares no required env vars. The content suggests setting OLLAMA_* user environment variables for performance; these are reasonable and directly relevant to Ollama's operation. No unrelated credentials, API keys, or unexpected config paths are requested beyond the service's own fleet files (~/.fleet-manager).
! Persistence & Privilege
The skill instructs you to run a long-running router/agent (herd) that listens on a TCP port and to add an inbound firewall rule, which grants persistent network exposure. 'always' is false and the skill itself does not claim to modify other skills, but installing and running the herd process creates a persistent service that could accept requests from other machines. This persistent network presence combined with a third-party pip-installed package increases the blast radius if the package or service is malicious or misconfigured.
What to consider before installing
This skill appears to do what it says (help run an Ollama fleet on Windows), but installing and running it will install third-party code via pip and open a network router port on your PC. Before proceeding:
1) Inspect the 'ollama-herd' package source (the linked GitHub repo) and confirm the pip package you will install matches that repo;
2) prefer installing from a pinned release or reviewing the package contents locally before running;
3) only enable the firewall rule on trusted private networks (avoid exposing port 11435 on public or corporate networks);
4) run the herd service with the least privilege necessary and monitor its logs;
5) be aware model downloads can be large and may contain data you send to the model — avoid exposing sensitive data to remote nodes.
If you cannot review the pip package source or are uncomfortable with opening an inbound listener, treat this skill as risky and do not install it.

latestvk9749ngbk1nc8y413nwpdcmtes84473w

Runtime requirements

windows Clawdis
OS: Windows
Any bin: curl, wget
