Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ospf Analysis

v1.0.0

OSPF protocol analysis with adjacency diagnosis, area design validation, LSA interpretation, and SPF convergence assessment. Multi-vendor coverage for Cisco...

by Vahagn Madatyan (@vahagn-madatyan)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
SKILL.md content, CLI reference, and FSM reference all align with the skill name and description: this is an OSPF analysis/runbook skill. However, the SKILL.md's embedded metadata lists a required binary 'ssh' while the registry metadata shows no required binaries — a minor inconsistency in declared requirements.
Instruction Scope
Runtime instructions are read-only troubleshooting steps (show/display commands) for Cisco/JunOS/EOS and analysis guidance (interpret neighbor FSM, LSDB, SPF). They do not instruct reading unrelated local files, contacting external endpoints, or exfiltrating data. The steps assume the agent will run CLI 'show' commands over SSH/console and collect outputs for analysis.
Install Mechanism
No install spec and no code files — instruction-only skill. Nothing is downloaded or written to disk by the skill itself.
Credentials
The instructions explicitly require SSH/console access to routers, but the registry declares no required credentials or config paths and required env vars are empty. The skill therefore omits how credentials should be supplied and does not declare a primary credential. That gap is proportionate to the task (SSH access is needed) but is a security concern because it is unclear what the agent will use to connect and whether privileged credentials might be used unintentionally.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system presence or modify other skills/settings. Autonomous invocation is allowed (platform default) but not combined with elevated privileges or declared persistent access.
What to consider before installing
This skill is an instruction-only OSPF troubleshooting runbook and appears to do what it says. Before installing or enabling it:
1) Verify the publisher and prefer skills with an identifiable homepage or source; this one is from an unknown source.
2) Do not provide high‑privilege credentials. The skill assumes SSH/console access — supply a dedicated, least-privilege, read-only account for devices used with the skill.
3) Confirm how your agent will present credentials (never paste private keys or privileged passwords into an unrestricted skill environment).
4) Test the skill in a lab or on non-production devices first to validate outputs and that it issues only read-only 'show' commands.
5) Ask the publisher/maintainer to correct the metadata inconsistency (SKILL.md notes 'ssh' required but registry lists none) and to explicitly declare the expected credential/environment variables and any logging/egress behavior.
If you cannot verify the publisher or control the credentials, avoid granting device access.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dqg8kwnth4m048524xj9zrs841205
