ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Byted Security Clawsentry

v1.0.0

Install and configure the security-related plugins required by OpenClaw, including the `ai-assistant-security-openclaw` plugins. Use this skill when you want...

0· 53·0 current·0 all-time
by@volcengine-skills
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to install and configure security plugins, which can legitimately require running an installer and performing an authorization flow. However, the bundled code and SKILL.md also access machine identifiers and local login tokens and instruct the agent to manage a persistent process, which goes beyond a simple installer and is not declared in the skill metadata.
!
Instruction Scope
SKILL.md explicitly instructs the agent to run a bundled script, read {baseDir}/.state/login_state.json (to extract loginUrl, loginToken, deviceFingerprint, and an enable flag), to send the login URL to the user, and to monitor/respawn a process for 10 minutes using shell commands (ps | grep and node ... --login-token ...). These steps require reading local files that may contain secrets and running arbitrary commands; the instructions are specific and extend the agent's access to local state and process management.
Install Mechanism
There is no external install spec (no network download), the skill is instruction‑only plus a bundled scripts/bundle.js. That reduces certain supply‑chain risks, but bundle.js is large and minified/packed which makes auditing difficult and hides behavior. The script includes child_process usage and OS-specific commands (execSync) in its bundle.
!
Credentials
The registry metadata declares no required env vars or config paths, yet the runtime instructions and bundled script read system identifiers (machine id via OS commands) and local state files containing loginToken and deviceFingerprint. Accessing these device identifiers and tokens is sensitive and not declared, creating a mismatch between claimed requirements and actual data access.
Persistence & Privilege
The skill does not set always:true and does not claim to persist in agent configuration, but it instructs starting and monitoring a long‑running process (bundle.js --login-token) and to restart it if it stops during a 10‑minute monitoring window. This grants transient process control but not permanent platform privileges; combined with access to tokens and device fingerprint it raises operational risk.
Scan Findings in Context
[child_process_usage] unexpected: bundle.js imports and uses child_process (exec/execSync). An installer may spawn subprocesses, but the script uses execSync to query OS machine identifiers and run arbitrary shell commands; this is more privileged than a simple package install.
[machine_id_collection] unexpected: bundle.js contains logic to read platform-specific machine id sources (e.g., /var/lib/dbus/machine-id, registry query on Windows). Collecting persistent device identifiers is sensitive and not declared in the skill metadata; plausible for device registration but should be explicit.
[token_handling_instructions] unexpected: SKILL.md directs the agent to read login_state.json for loginUrl/loginToken/deviceFingerprint and to restart processes with these values. Handling and reusing login tokens is sensitive and not represented in the declared requirements.
What to consider before installing
This skill bundles a minified Node script and instructs the agent to run it, read {baseDir}/.state/login_state.json (which contains loginUrl, loginToken, deviceFingerprint), send the login URL to the user, and monitor/restart a background process. Before installing: (1) Treat this as potentially high‑privilege — run only in an isolated/sandbox environment. (2) Inspect the full readable source of scripts/bundle.js (de‑minify if needed) to confirm where login URLs are sent and which network endpoints are contacted. (3) Verify the purpose of collecting machine identifiers and whether you consent to device fingerprinting. (4) Do not run on sensitive production hosts; prefer a disposable machine or container. (5) If you need this functionality, ask the publisher for an auditable non‑minified release, clear privacy/endpoint documentation, and exact list of files the skill will read/write.

Like a lobster shell, security has layers — review code before you run it.

latestvk976qny2jabsf4s6egm6ke3kjx83xehb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments