Skill Trust Guard
v1.0.0
Enforces skill-trust-scanner security checks before installing skills, blocking or alerting based on risk scores to reduce supply chain threats.
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (enforce a pre-install scanner) matches what the scripts do (wrapper + pre-install hook + shim). However the scanner dependency is hard-coded to /home/guofeng/clawd/skill-trust-scanner/src/cli.ts by default, which is specific to the author's environment and not explained in the metadata — this will either fail for users or cause the wrapper to run an arbitrary local script if that path exists. That hard-coded path is unexpected for a distributable skill.
Instruction Scope
SKILL.md and the scripts are focused on scanning a skill directory and making allow/warn/reject decisions. The runtime instructions do not attempt to read unrelated system files themselves (they delegate scanning to an external scanner). The wrapper intercepts 'clawhub install' via a PATH shim as documented, which is consistent with the stated goal.
Install Mechanism
There is no packaged install spec (instruction-only with scripts). The pre-install hook uses 'npx tsx' to execute a TypeScript CLI at a user-expected path; running 'npx' may fetch tools from npm at runtime if tsx is not present, which introduces network code execution. The hard-coded scanner path increases fragility and risk because the skill expects an external project present on disk rather than bundling or installing a vetted scanner from a known release host.
Credentials
The skill does not request credentials or config paths beyond optional SCANNER_ROOT/SCANNER_CLI overrides. It does not try to read or exfiltrate environment variables itself. The only notable env usage is allowing override of the scanner path, which is reasonable but means the scanner run will have whatever access that scanner has.
Persistence & Privilege
The integrate.sh installs a shim in ~/.openclaw/bin and instructs users to add it to PATH, which gives the skill persistent interception of 'clawhub install' when that PATH entry is earlier. This is consistent with the purpose but is a behavior that can affect all future installs and should be consciously accepted by the user. The skill is not 'always: true' and does not modify other skill configs.
What to consider before installing
This package implements exactly what it says (wraps 'clawhub install' and runs a scanner) but contains a couple of red flags you should address before using it: (1) it expects a scanner at a hard-coded developer path (/home/guofeng/...), so by default it will fail on most machines or — if that path exists — run whatever code is there; (2) the pre-install hook uses 'npx tsx' which can fetch and run code from npm at runtime; (3) integrate.sh installs a PATH shim that will intercept all future 'clawhub install' calls.

Recommended steps before installing/integrating: inspect the scanner CLI source you plan to point to (set SCANNER_ROOT/SCANNER_CLI to a trusted local copy or a vetted release), run install.sh on a harmless local skill to observe behavior, avoid running integrate.sh until you trust the scanner (or back up your clawhub binary path), and prefer bundling or referencing a released scanner package (GitHub release or published npm package) rather than relying on a hard-coded developer path.

If you want a safer posture, ask the author for a packaged scanner dependency or a verified install mechanism.

Like a lobster shell, security has layers — review code before you run it.
latest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
skill-trust-guard
Enforces a skill-trust-scanner security scan before a skill is installed and applies a blocking policy based on the score.
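Goals
- Put a "scan first, then install" step in front of clawhub install
- Block high-risk skills by default, reducing the risk of supply-chain poisoning
- Keep existing CLI habits (a shim can override the original command)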
Scoring policy
- score < 50: installation refused (block)
- 50 <= score < 75: warning, manual confirmation required (--yes continues automatically)
- score >= 75: installed directly
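Components
- install.sh: main wrapper (option B)
- hooks/pre-install.sh: reusable pre-install hook (local path scan + decision)
- integrate.sh: generates a PATH shim so that clawhub install automatically goes through the guard
- README.md: installation / integration / testing instructions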
Dependencies
- scanner: /home/guofeng/clawd/skill-trust-scanner/src/cli.ts
- Node.js + npx
- clawhub CLI
Usage
~/.openclaw/skills/skill-trust-guard/install.sh <slug|path|git-url>
Or run:
~/.openclaw/skills/skill-trust-guard/integrate.sh
export PATH="$HOME/.openclaw/bin:$PATH"
After that, use the command directly:
clawhub install <skill>
(the trust guard is triggered automatically)
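The scoring policy above, combined with the scanner-path concern raised in the scan report, as an added example (not the skill's own scripts). The function names are hypothetical. Treating a non-numeric score as a block, and resolving SCANNER_ROOT to src/cli.ts inside it, are assumptions.

```shell
#!/bin/sh
# Added example: fail-closed gate logic for a pre-install hook.
# Function names are hypothetical; the thresholds are the ones listed in SKILL.md.

# Resolve the scanner CLI from explicit overrides only (no built-in default path).
# Assumption: SCANNER_CLI is a full path to the CLI, SCANNER_ROOT is a scanner
# checkout that contains src/cli.ts.
resolve_scanner() {
    if [ -n "${SCANNER_CLI:-}" ]; then
        cli=$SCANNER_CLI
    elif [ -n "${SCANNER_ROOT:-}" ]; then
        cli=$SCANNER_ROOT/src/cli.ts
    else
        echo "scanner not configured: set SCANNER_CLI or SCANNER_ROOT" >&2
        return 2
    fi
    if [ ! -f "$cli" ]; then
        echo "scanner not found: $cli" >&2
        return 2
    fi
    printf '%s\n' "$cli"
}

# Map a scanner score to a decision printed on stdout: block | confirm | install.
# $1 = score, $2 = "yes" when --yes was passed on the command line.
# Return codes: 0 install, 1 block, 3 manual confirmation needed.
guard_decision() {
    score=$1
    assume_yes=${2:-no}
    case $score in
        # Empty or non-integer output from the scanner: fail closed.
        ''|*[!0-9]*) echo block; return 1 ;;
    esac
    if [ "$score" -lt 50 ]; then
        echo block
        return 1
    elif [ "$score" -lt 75 ]; then
        if [ "$assume_yes" = yes ]; then
            echo install
            return 0
        fi
        echo confirm
        return 3
    fi
    echo install
}
```

A hook built on this would call resolve_scanner first and abort the install when it returns non-zero, so a missing or unconfigured scanner never results in an unscanned install.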
Files
7 total
