Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Palo Alto Firewall Audit

v1.0.0

PAN-OS zone-based security policy audit with App-ID/Content-ID analysis, Security Profile Group validation, zone protection assessment, and decryption policy...

by Vahagn Madatyan (@vahagn-madatyan)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md describes a focused, read-only PAN-OS security policy audit and the runtime instructions only reference PAN-OS CLI/XML/REST read-only commands — that is consistent with the stated purpose. However, the registry metadata provided with the skill (top-level requirements) lists no required environment variables or primary credential, while the SKILL.md embedded metadata (openclaw block) declares a required env var PAN_API_KEY and an mcp dependency. This mismatch between what the skill says it needs and what the registry claims is an incoherence that should be clarified.
Instruction Scope
The SKILL.md instructs only read-only interactions (show/test commands, GET XML API) against PAN-OS devices and Panorama. It does not instruct the agent to read unrelated host files, exfiltrate arbitrary data, or perform configuration changes. The scope of actions described is appropriate for an audit skill.
Install Mechanism
No install spec or code files are present; this is an instruction-only skill. That minimizes disk-write and supply-chain risk.
Credentials
Requiring a PAN_API_KEY for read-only API access would be proportionate. But the registry metadata supplied with the skill lists no required env vars while the SKILL.md openclaw metadata includes PAN_API_KEY and also an egressEndpoints entry (*.paloaltonetworks.com:443) and an mcpDependencies entry. These additional metadata fields are plausible but not justified by the instruction content (most commands target the local management interface or Panorama, not the Palo Alto cloud). The mismatch and the presence of an egress endpoint (which could allow outbound connections to paloaltonetworks.com) are suspicious until the author clarifies why external egress is needed and what exact credential scope is required (read-only API key only).
Persistence & Privilege
The skill is not marked always:true, has no install actions, and does not request system-level config paths or other skills' credentials. Autonomous invocation is allowed (platform default) but does not combine with other red flags to indicate elevated persistence or privilege.
Scan Findings in Context
[no_code_files] expected: The repository is instruction-only; the regex scanner had no code to analyze. This explains the absence of scanner findings, but also means the SKILL.md metadata is the primary security surface to review.
What to consider before installing
This skill appears to describe a legitimate read-only Palo Alto firewall audit: the commands and procedures are appropriate. Before installing, confirm these points:
(1) Which credential(s) are actually required — the SKILL.md mentions PAN_API_KEY but the registry lists none. If a PAN_API_KEY is required, only supply a key scoped to read-only access and limited to the specific Panorama/firewall hosts.
(2) Ask the publisher why the metadata declares egress to *.paloaltonetworks.com:443 and an mcp dependency; verify whether the skill needs to reach Palo Alto cloud services (PAN-DB/WildFire) or an MCP helper — if not, restrict egress.
(3) Prefer using local management endpoints (firewall or Panorama IPs) rather than exposing keys to external services.
(4) If you have low tolerance for ambiguity, request an update with consistent registry metadata (declared env vars and dependencies) before enabling the skill.
These inconsistencies look like sloppy packaging rather than outright malicious behavior, but they should be resolved before usage.


latest: vk97c8dyrk9xpdg2zz6140vvnm184095f
