ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Healthcheck

v1.0.0

Host security hardening and risk-tolerance configuration for OpenClaw deployments. Use when a user asks for security audits, firewall/SSH/update hardening, r...

0· 55·0 current·0 all-time
by@utromaya-code·duplicate of @mohdalhashemi98-hue/mh-healthcheck
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (host hardening and risk-tolerance configuration for OpenClaw) matches the SKILL.md: the document lists OS detection, port/firewall checks, OpenClaw audit commands, risk-profile selection, and a remediation plan. Nothing requested (no env vars, no installs) is out of line with this purpose. The minor instruction to 'self-check the current model' is an operational preference and does not conflict with the stated goal.
Instruction Scope
The SKILL.md directs the agent to run typical, host-focused read-only commands (uname, sw_vers, ss/lsof, ufw/firewall-cmd/nft/pfctl, tmutil, openclaw audit/status) and to request explicit permission before any state-changing actions. These checks are appropriate for a host audit. The document warns not to change remote access without confirming user connectivity and requires explicit approval prior to fixes, which limits scope creep.
Install Mechanism
No install spec and no code files are included. This is instruction-only; nothing will be written to disk by the skill itself. That is proportionate and lower-risk for this purpose.
Credentials
The skill requests no environment variables, credentials, or config paths. It does instruct the agent to infer system state and run local read-only commands (to learn OS, privileges, open ports, backups, encryption, etc.), which is expected for a host audit and proportional to the stated functionality.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges or persistent modifications to other skills or system-wide agent settings. It instructs to require explicit user approval before making state changes, so no covert persistence or privilege escalation is indicated.
Assessment
This skill appears coherent and focused on host auditing for OpenClaw. Before enabling or running it: (1) confirm the agent asks for and receives explicit permission before executing commands, especially any '--fix' actions; (2) allow only the read-only checks initially and review outputs (listening ports, firewall status, backup/encryption) before approving changes; (3) note that the skill will run local system commands (e.g., uname, ss/lsof, firewall utilities) which reveal system state but does not request credentials or install software; and (4) keep recent backups and a rollback plan before allowing any automated fixes.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cygfqye95hshyy8qg0en24x83d6hj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments