Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Network Log Analysis
v1.0.0
Device-level network log analysis using raw syslog data without SIEM platforms. Guides forensic timeline construction from rsyslog/syslog-ng collectors, devi...
by Vahagn Madatyan (@vahagn-madatyan)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description (syslog-based network log analysis) match the instructions and reference materials: examining /etc/rsyslog.conf, /etc/syslog-ng/, /var/log/*, device CLI commands, and using grep/awk/sort is exactly what you'd expect for this task. No unrelated services, binaries, or credentials are requested.
Instruction Scope
The SKILL.md explicitly instructs the agent to read collector config files and log directories (e.g., /etc/rsyslog.conf, /var/log/*) and to query devices via CLI (show logging, show ntp). That scope is appropriate for forensic timeline work, but it assumes the agent has SSH/console access and read permissions; ensure any credentials given are least-privilege (read-only). The instructions do not direct data to external endpoints or perform unexpected collection beyond logs and device config/status.
Install Mechanism
Instruction-only skill with no install steps, no downloaded artifacts, and no declared dependencies. This is the lowest-risk install posture.
Credentials
The skill declares no required environment variables or credentials, which is consistent because it expects direct access to syslog files and device CLIs provided by whatever platform or operator supplies credentials. Users should confirm how the agent/platform will provide SSH/device credentials and that those credentials are scoped to read-only access for the collector and devices.
Persistence & Privilege
always: false and no install behavior means the skill does not request permanent presence or elevated platform privileges. The default ability for the agent to invoke the skill autonomously is normal; it is not combined with other risky flags.
Assessment
This skill appears coherent for offline syslog forensic work. Before installing, verify how your agent/platform will obtain access to the syslog collector and network devices: provide only read-only SSH/console credentials and limit filesystem access to the collector log directories. Be aware log files may contain sensitive data (IPs, usernames, session identifiers); ensure your agent is not allowed to exfiltrate logs or send them to external endpoints. Because the skill runs shell-style parsing commands, confirm the execution environment (GNU date vs BSD date) and test parsing one-liners on a non-production sample. If you want extra caution, restrict the skill's runtime network egress or require manual invocation rather than allowing broad autonomous runs.
latest: vk972s0zddajj8fbfs2rghtasms840q32
