ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Virse Design

v1.0.0

Virse AI Design Platform — AI image generation, canvas layout, workspace management, and asset organization. Use this skill whenever the user mentions Virse,...

0· 87·0 current·0 all-time
by@vxcent
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, playbooks and tools consistently implement a Virse design platform client (workspace/canvas management, image generation, asset organization). The included scripts and playbooks align with that stated purpose.
Instruction Scope
Runtime instructions tell the agent to call the local virse_call client (python script) which performs network calls to the Virse MCP endpoint and to read/save a token file (~/.virse/token) or use an env var. Playbooks also instruct broad scans (e.g., scanning all workspaces) which can enumerate and read many assets; those are in-scope for a workspace management skill but increase data access surface. The SKILL.md does not instruct reading unrelated system files, but several scripts will run subprocess/git/network checks if invoked.
Install Mechanism
No install spec — instruction-only + shipped scripts. This minimizes automatic disk writes on install. The code files are present but no remote download/installation is performed by the registry metadata.
!
Credentials
Metadata lists no required env vars or credentials, but the code clearly reads/writes credentials: VIRSE_API_KEY (env), VIRSE_BASE_URL (env), and a token file at ~/.virse/token. The skill will send Authorization headers to dev.virse.ai and can save tokens locally via 'save-key'. The omission of these required credentials from the declared metadata is an incoherence and increases risk because the agent may access or require secrets that weren't disclosed up-front.
Persistence & Privilege
always:false (normal). The skill can save a token to ~/.virse/token via its save-key flow and uses the device-flow login flow that requires showing a verification URL to the user. The skill does not request system-wide config changes or modify other skills, but because agent invocation is allowed, the skill can make network calls and read/write the token file during runtime if the user provides credentials.
Scan Findings in Context
[uses_subprocess_run] expected: check_update.py uses subprocess.run to call git; this is expected for an updater script but means it will execute shell commands if invoked.
[reads_token_file] expected: virse_call.py reads ~/.virse/token and uses VIRSE_API_KEY env var. Expected for a client that needs an API key, but the skill metadata did not declare this requirement.
[network_calls_to_service] expected: Scripts make HTTP requests to the Virse MCP endpoint (default https://dev.virse.ai) and GitHub API. Network access is necessary for the stated functionality but means API keys and network connectivity are required.
What to consider before installing
This skill appears to be a legitimate client for a Virse design service, but there are some mismatches you should consider before installing: - Credentials not declared: The registry metadata lists no required env vars, yet the scripts read VIRSE_API_KEY (or ~/.virse/token) and accept VIRSE_BASE_URL. Expect to provide an API key or to use interactive device-flow login for the skill to work. Treat any API key as sensitive. - Token file behavior: The tool can write a token to ~/.virse/token via 'save-key'. If you don't trust the skill, do not use save-key; prefer the interactive device-login flow and avoid storing long-lived keys on disk. - Network endpoints: Default base URL is https://dev.virse.ai (development host). Confirm whether you want calls to this host. If you are concerned about redirected endpoints, do not set VIRSE_BASE_URL or verify its value before use. - Broad data access: Several playbooks (e.g., cross-workspace-collect, workspace-scan) will enumerate and read many assets — review and confirm scans before allowing them to run. - Unknown origin: The skill lists no homepage and the registry owner ID is unfamiliar. If you require higher assurance, review the scripts (they are included) or run them in a sandboxed environment first. Actionable steps: review the virse_call.py and check_update.py source (already bundled), decide whether to provide an API key, prefer device-flow interactive login when possible, avoid using save-key unless you trust the skill, and consider running in a restricted/sandboxed agent or with least-privilege credentials. If you want higher confidence, ask the publisher for provenance (repo/homepage) or for metadata to explicitly declare the required env vars and their purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk972sfy7y1fhek1ae681e78zyh836gd6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments