Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Skill Security Scanner
v0.1.0
Automatically scans Python skill code to detect security risks like malicious patterns, hardcoded secrets, dangerous functions, and integrates VirusTotal sca...
⭐ 0 · 39 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description, CLI, scanner implementation, and tests all align: this is a Python static analyzer that optionally queries VirusTotal. The declared runtime requirements (no mandatory env vars) are consistent. Minor inconsistency: registry metadata says 'No install spec / instruction-only', but the package includes an install.sh and a skill.json with an install script — so the package is not purely instruction-only as the registry entry implies.
Instruction Scope
SKILL.md and CLI direct the tool to read files under the user-supplied skill_path, generate JSON/HTML, and optionally call VirusTotal when a key is provided. The scanner code shows AST-based checks, regex checks, config and text file scanning, and limits (text files limited to 10, VT scans limited to first 5 files). It does not attempt to read unrelated system configs or environment variables beyond the optional VT key and does not transmit data anywhere else in the visible code. Recommend reviewing the truncated _scan_with_virustotal implementation to confirm only VirusTotal is contacted and no other endpoints are used.
Install Mechanism
No formal install spec in registry, but the repo contains install.sh that creates a symlink in ${HOME}/.local/bin to source/cli.py and sets execute bits. This is simple but fragile: the symlink points into the repo directory (so moving/cleaning the repo can break the CLI). No external downloads or network installers are used. Review install.sh before running; it does not perform privileged actions.
Credentials
The only optional credential is a VirusTotal API key (virustotal_api_key / VT_API_KEY), which is appropriate for the optional VirusTotal integration. The skill does not request unrelated credentials or system secrets in its metadata. The scanner itself looks for hardcoded secrets in scanned code (sk-, ghp_, JWT patterns) which is expected behavior for this tool.
Persistence & Privilege
The 'always' flag is false and the skill does not request persistent platform privileges. The installer creates a user-level symlink in ~/.local/bin only. The tool writes HTML reports into the scanned skill_path when asked, which is expected; it does not modify other skills' configs or global agent settings in the visible code.
Assessment
This package appears to implement what it advertises: a local Python static scanner with an optional VirusTotal step. Before installing or running it:
1) Inspect install.sh (it symlinks source/cli.py into ~/.local/bin — make sure that path is acceptable and that you know where the repo will live).
2) Review the implementation of _scan_with_virustotal (truncated in the provided files) if you plan to enable VirusTotal to confirm it only calls VirusTotal and handles the API key safely.
3) Run the tool against a test directory first (not production code) to see outputs and confirm it doesn't contact unexpected endpoints.
4) Be aware the scanner will read all files under the supplied skill_path (it also scans some non-Python text files and config files), so point it only at directories you intend to scan.
5) Because the registry metadata omitted an install spec while the package contains an installer, prefer manual inspection and manual installation into a controlled location (or use a virtual environment) rather than blindly running the install script.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
tests/test_scanner.py:38: Dynamic code execution detected.
latest · vk975f9dwgt80nndjjgvj8jnwm983pt8h
