ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Interface Health

v1.0.0

Interface and link health assessment with error counter analysis, optical power monitoring, discard diagnosis, and utilization trending. Multi-vendor coverag...

0· 56·1 current·1 all-time
byVahagn Madatyan@vahagn-madatyan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill is a diagnostics/reference guide for interface health and the commands it contains align with that purpose. However the SKILL.md frontmatter declares a dependency on the ssh binary while the registry metadata reported no required binaries; this mismatch should be clarified (SSH access is expected for device queries). Overall the requested capabilities (CLI commands, threshold tables) are proportional to the described purpose.
!
Instruction Scope
Most instructions are read-only 'show' commands appropriate for diagnostics. However the included CLI reference explicitly lists clear/clear-counters commands (e.g., 'clear counters [intf]', 'clear interfaces statistics [intf]') which are state-changing. This contradicts the 'Prerequisites' claim that read-only privilege is sufficient. The skill does not instruct the agent to read local files or secrets, nor does it reference external endpoints, but the presence of destructive commands raises scope concerns if the agent is allowed to execute them automatically.
Install Mechanism
Instruction-only skill with no install spec and no code files — low install risk. Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill does not request environment variables, credentials, or config paths. That is proportionate to a CLI-run diagnostic guide. The only required runtime tool is SSH (per SKILL.md frontmatter), which is reasonable for a network device CLI-based skill — confirm the registry metadata is updated to reflect this requirement.
Persistence & Privilege
always:false (no forced persistent inclusion) and no install steps that persist state. The skill is user-invocable and can be invoked autonomously (platform default), which is expected for skills; no additional privileged presence is requested.
What to consider before installing
This skill is a coherent, vendor-agnostic runbook for interface diagnostics and appears to do what it says — collect CLI output, compare against thresholds, and guide remediation. Before installing or running it against live equipment: 1) Confirm the skill will only execute read-only 'show' commands with the agent's credentials; if you must allow 'clear' commands for delta collection, restrict them to explicit, supervised runs and use a separate, auditable account. 2) Ensure the agent has only minimal SSH access (prefer read-only accounts or role-limited accounts). 3) Ask the publisher to fix the metadata mismatch (registry says no required binaries but SKILL.md lists ssh). 4) If you allow autonomous invocation, limit which devices/addresses the agent can reach and require manual approval for any state-changing commands. If the author can confirm the skill will never clear counters or otherwise modify device state, the inconsistencies here would be resolved and confidence would increase.

Like a lobster shell, security has layers — review code before you run it.

latestvk974kvn2p380w3g7y43a93j29x83d94g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments