Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
skill shield
v1.0.0
AI Agent Skill Security Scanner - Detect malicious skills, verify signatures, analyze permissions, and provide trust ratings for the agent ecosystem. Protect...
by ericzhan@uexo
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (skill security scanner) match the main scanner code (scripts/skillshield.py). However the package also contains Moltbook integration and an upload script which go beyond a pure local scanner; those integrations are plausible but not strictly required for the stated purpose. The manifest/metadata declared no required env vars or credentials, yet code expects a Moltbook API key. Also scripts/publish.py expects a _meta.json file that is not present in the manifest — another mismatch.
Instruction Scope
SKILL.md instructs running local scanner scripts and a 'guardian' daemon to monitor Moltbook. The code implements monitoring and an uploader that will POST content to an external Moltbook service. While scanning local skill files is expected, the included upload_to_moltbook.py will publish content to an external service (and includes a default API token). Running the guardian or upload script would transmit data externally; the README and scripts also reference absolute internal paths which may expose local information if posted.
Install Mechanism
There is no install spec (instruction-only), so nothing is automatically downloaded or installed by the platform. The security surface is the included Python scripts. That reduces supply-chain install risk, but you still must inspect or sandbox those scripts before running them.
Credentials
Skill metadata declares no required environment variables or credentials, yet multiple scripts read MOLTBOOK_API_KEY from the environment. More importantly, upload_to_moltbook.py contains a hard-coded API key fallback ('moltbook_sk_JMb6t_WI-xq7SQapbAYXF9BFBPuXBuuM'), which is a secret embedded in the code — disproportionate and potentially exploitable. The presence of an embedded token that will be used to post to an external service is the main proportionality issue.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-wide privileges. The guardian supports a long-running monitor (user-invoked). Autonomous invocation of skills is enabled by default on the platform (not flagged here), but combined with the hard-coded API token and external posting, a running guardian could have a wider blast radius if started.
What to consider before installing
This package appears to implement a legitimate local skill scanner, but it contains surprising external-integration code you should not run blindly. Key points to consider before installing or running:
1) upload_to_moltbook.py has a hard-coded Moltbook API token; treat that as sensitive and potentially active, and do not run the uploader unless you trust the token and endpoint.
2) The guardian/monitor will query, and is intended to post to, an external service; run it only in a sandbox and inspect network calls first.
3) The skill metadata declares no required env vars but the code uses MOLTBOOK_API_KEY; confirm what keys will actually be used and rotate/revoke any embedded tokens.
4) Review scripts for any code paths that read or post local filesystem information (the uploader's post content references local paths).
5) Prefer running the scanner with read-only access to a copy of the skill repository, or inspect/grep the code first (search for 'MOLTBOOK', 'API_KEY', 'create_post', 'urlopen', 'urllib.request').
If you need the scanner but not the network behavior, remove or disable the Moltbook-related scripts before use.
Like a lobster shell, security has layers: review code before you run it.
