Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
skill sec
v1.0.1
Security agent that inventories installed OpenClaw skills, analyzes them for threats, and syncs results to your Clawned dashboard.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Benign (high confidence)
Purpose & Capability
Name/description, required binary (python3), and required env var (CLAWNED_API_KEY) align with behavior in the code: the agent discovers installed skills and POSTs metadata or, on explicit scan, file contents to a Clawned server. Reading ~/.openclaw/openclaw.json to locate extraDirs is consistent with discovery functionality.
Instruction Scope
SKILL.md and the script keep scope consistent: 'sync' only sends metadata (owner, slug, displayName, latest.commit/version), while 'scan --path' explicitly reads up to 30 scannable files (many config/source extensions) and uploads their contents. The skill explicitly excludes .env files, but other config files (JSON/YAML/TOML, etc.) are collected on explicit scans — users should avoid scanning arbitrary/non-skill directories.
Install Mechanism
No install spec is provided (instruction-only + included Python script). Nothing is downloaded or installed at runtime; risk from install mechanism is low.
Credentials
Only CLAWNED_API_KEY is required (CLAWNED_SERVER is optional). That single credential is proportional to a service that must authenticate to a remote dashboard. The agent does read openclaw.json to find extraDirs, but it does not send that config to the server in normal operation.
Persistence & Privilege
The skill is not auto-included (always:false). It writes a small state file (~/.openclaw/clawned_agent.json) to store agent_id and last sync timestamps — this is reasonable for an agent. There is no evidence it modifies other skills or system-wide config.
Scan Findings in Context
[CRED-001] expected: The code reads ~/.openclaw/openclaw.json to obtain extraDirs (to discover skills). This pattern is flagged by the detector as credential-sensitive, but here the read is used to locate skill directories; the script does not send that file to the server.
[EXFIL-004] expected: The agent contacts a remote server (default CLAWNED_SERVER=https://api.clawned.io). A domain or endpoint in the code is expected for a service that uploads metadata or scans; ensure you trust the target server before providing your API key.
Assessment
This skill appears to do what it says: it inventories installed skills and (when you explicitly run a scan) uploads selected source/config files to a Clawned server. Before installing or enabling it, consider:
- Only provide CLAWNED_API_KEY if you trust the Clawned service and its privacy/security practices (default server is api.clawned.io). Review their privacy/retention policies.
- 'sync' uploads only metadata (owner, slug, displayName, commit/version). 'scan --path' will upload file contents (up to 30 files, 512KB each) — do NOT run scan on arbitrary or sensitive directories (e.g., repos containing secrets).
- The agent reads ~/.openclaw/openclaw.json to find extra skill directories; make sure that file does not expose unintended paths you don't want scanned.
- The script stores a local state file at ~/.openclaw/clawned_agent.json (agent id, timestamps).
- If you want extra caution: run a quick code review of scripts/agent.py locally, or run the agent in a constrained environment (container) or against a test CLAWNED_SERVER endpoint before using it on production data. If you have low tolerance for uploading any project files, avoid using 'scan --path' or run scans only on copies you control.
Like a lobster shell, security has layers — review code before you run it.
latest: vk972awqsr3w8sdj2vm2y2t6fmn81qfnf
Runtime requirements
🛡️ Clawdis
Bins: python3
Env: CLAWNED_API_KEY
