Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Network Topology Discovery

v1.0.0

Iterative network topology discovery using CDP/LLDP neighbor protocols, ARP/MAC table correlation, and routing table analysis. Multi-vendor coverage for Cisc...

by Vahagn Madatyan (@vahagn-madatyan)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name, description, and runtime instructions align: it documents iterative L2/L3 discovery via CDP/LLDP, MAC/ARP correlation, and routing tables accessed over SSH/console. However, registry metadata shows no required binaries or credentials while the SKILL.md explicitly expects SSH access (openclaw metadata lists bins:["ssh"]) and the procedure requires credentials that work across devices — the registry omission is inconsistent.
Instruction Scope
SKILL.md is an instruction-only skill that restricts operations to read-only 'show' commands and scope-control rules; it does not instruct exfiltration to external endpoints. Minor concern: the CLI reference lists 'show running-config | include ...' and similar config reads which can expose sensitive config (password hashes, keys) if executed; the prereqs claim 'read-only privilege sufficient' but callers must ensure only minimally-privileged accounts are used and avoid collecting full running-config unless necessary.
Install Mechanism
No install spec and no code files (instruction-only) — lowest install risk. Nothing in the package pulls or executes external archives or packages.
Credentials
The skill requires SSH access and device credentials in practice (per Prerequisites and the Seed Expansion Algorithm), but the registry lists no required env vars, no primary credential, and no required binaries — this under-reporting is a red flag. The skill should declare how credentials are supplied (environment variables, a secrets store, or interactive prompt) and document least-privilege account requirements. As-is, users may be asked to provide broad device credentials without a clear contract.
Persistence & Privilege
always:false and no persistent install actions are present. The skill does not request permanent inclusion or attempt to modify other skills or global config.
Scan Findings in Context
[regex-scan-none] expected: No regex scan findings — expected because this is an instruction-only skill with no code files. Absence of findings does not imply safety; the SKILL.md is the primary attack surface.
What to consider before installing
This skill appears to contain a sensible, read-only procedure for network topology discovery, but the package metadata understates what it needs. Before installing or running it: (1) confirm how SSH credentials are supplied and require the skill to declare required env vars or secret references; (2) use least-privilege, read-only device accounts (avoid admin-level creds); (3) verify scope control settings (management subnet, VRF, hop limits) to avoid unbounded discovery; (4) avoid running commands that dump full running-config or secrets unless strictly necessary and audited; (5) test in an isolated lab/network first; and (6) ask the publisher to correct registry metadata to list 'ssh' as a required binary and to explicitly document credential handling. These steps reduce the risk of unintended exposure or accidental expansion beyond intended scope.
