Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Ipam Dns Audit
v1.0.0
IP Address Management and DNS record reconciliation audit covering subnet utilization analysis, DNS forward/reverse consistency, IP conflict detection, and D...
by Vahagn Madatyan (@vahagn-madatyan)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The declared purpose (IPAM/DNS reconciliation) matches the instructions: IPAM exports, ARP/DHCP discovery, and DNS checks. However, the registry metadata lists no required environment variables or credentials, while the SKILL.md explicitly states prerequisites such as API tokens for NetBox/Infoblox/BlueCat, WAPI/auth credentials, SNMP community strings or SSH access to network devices, and AXFR/authoritative DNS access. A skill performing this work legitimately needs those secrets; the metadata omission is an incoherence that affects security decisions.
Instruction Scope
The SKILL.md and reference docs give precise, scoped steps (curl against IPAM APIs, dig/nslookup/AXFR against authoritative servers, show ip arp on network devices, nmap/arp-scan for discovery). These are coherent with an audit workflow and do not instruct reading unrelated local files or exfiltrating data to third-party endpoints. Caveats: some recommended actions (nmap sweeps, arp-scan, zone transfers) can be intrusive, may trigger IDS/IPS, and require explicit authorization; the instructions assume the agent/operator will supply the device/API credentials and appropriate access.
Install Mechanism
Instruction-only skill with no install spec and no code files. Nothing is downloaded or installed by the skill itself, so there is no install-related code execution risk from the package.
Credentials
The skill requests (in prose) multiple sensitive credentials—IPAM API tokens, Infoblox/BlueCat credentials, DHCP server access, SNMP community strings, SSH credentials for network devices—yet declares no required environment variables or primary credential in the registry metadata. The absence of declared env vars makes it unclear how credentials should be supplied and audited. Requesting many credentials is justified by the audit purpose, but the skill should explicitly declare what secrets it needs and recommend least-privilege, read-only tokens.
Persistence & Privilege
The skill is not always-enabled and does not modify other skills or system-wide settings. It is user-invocable and can be invoked autonomously (normal default), but does not request permanent presence or elevated platform privileges.
What to consider before installing
This skill appears to be a legitimate, instruction-only IPAM/DNS audit playbook, but it contains a clear metadata mismatch: the prose requires API tokens, SNMP/SSH creds, and the ability to run network discovery, yet the registry lists no required credentials. Before installing or using it: (1) do not supply high-privilege or reusable admin credentials—create least-privileged, read-only API tokens for IPAM and DNS and separate service accounts for device reads; (2) confirm legal/operational authorization for active scans (nmap/arp-scan) and AXFR attempts, as these can trigger monitoring or disruption; (3) validate where and how you will provide secrets (prefer ephemeral, scoped env vars or a secrets manager rather than pasting creds into a UI); (4) consider running the procedure manually in a controlled sandbox first to confirm commands and outputs; and (5) ask the publisher to update metadata to explicitly declare required environment variables and credential types so you can audit and provision them safely.
Like a lobster shell, security has layers — review code before you run it.
latest: vk977jhdedmvr6426ysvwyjcjcs83dn3x
