Silviu Core
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: silviu-core Version: 1.0.0 The skill bundle includes instructions for the AI agent to execute shell commands like `curl -I https://github.com`, `export GIT_TERMINAL_PROMPT=0`, and `git ls-remote <repo>` as part of a 'Repo Audit Preflight' runbook in `SKILL.md` and `repo_audit_preflight.md`. While these commands are plausibly needed for the stated purpose, the execution of arbitrary shell commands, especially with a placeholder like `<repo>` that could be substituted by the agent, represents a risky capability and a potential command injection vulnerability if the agent's execution environment does not properly sanitize input. This falls under 'risky capabilities without clear malicious intent'.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may guide you to turn on the browser relay for an active Chrome tab or contact GitHub to verify repository access before cloning.
The skill tells the agent/operator to use OpenClaw browser tooling and GitHub network commands. This is tool use, but it is explicit, narrow, and aligned with the stated runbooks.
Browser automation requires an attached tab (Chrome relay ON)... `curl -I https://github.com`; `git ls-remote https://github.com/<owner>/<repo>.git | head`
Use the runbooks only for the intended browser tab and repository, and review commands before running them in sensitive environments.