ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Linux Omniscient

v1.0.1

全知全能技能 — 整合认知套件、执行框架、系统控制三大能力层,并配备编排引擎。 认知层:四种思维操作码(直用/改进/迁移/构建)覆盖所有思考任务; 执行层:大语言模型 + 命令执行工具,自动化代码生成与脚本执行; 操控层:Linux桌面软件、系统硬件、串口设备、物联网平台、图形界面自动化、蓝牙设备、GPU显卡、存...

0· 74·0 current·0 all-time
by波动几何@wangjiaocheng
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description promise a full system-controller for Linux and the repository contains many controller scripts (audio, display, network, GPU, camera, bluetooth, serial, IoT, power, process management, GUI automation). Those capabilities are coherent with a 'system control' skill. However the dependency list includes Windows-only packages (pycaw, comtypes) while the system apt install and many scripts target Linux — this mismatch suggests poor packaging or an attempt to be cross-platform without clear scope. Overall capability set is broad but expected for a system-controller; the Windows-focused Python deps are unexplained.
!
Instruction Scope
SKILL.md instructs an automated router and orchestration engine that may autonomously combine cognitive, code-generation, and system-control baselines to operate 'for any task, no exceptions.' The scripts can take screenshots, capture camera images, send HTTP requests (including with tokens passed at runtime), change network/DNS/proxy, control shutdown/suspend, manipulate input (keyboard/mouse), and execute/kill processes. Those are within a system-controller's domain but the SKILL.md's 'no exceptions' automation policy plus ability to perform high-risk host actions raises scope creep and operational risk if the agent is allowed to run without strong, explicit confirmation rules.
Install Mechanism
There is no install spec; the skill is instruction-plus-code but does not declare an automated install step. That keeps install risk low (nothing is automatically downloaded/executed by the registry), but the dependency block lists many Python packages and an apt-get line the user would need to install manually. No external/untrusted download URLs are present in the metadata.
Credentials
The skill declares no required environment variables or primary credential, which is reasonable. However some modules (iot_controller/homeassistant) accept tokens and URLs as runtime arguments (not env vars) so the skill can be used to transmit credentials you provide at runtime. There are no explicit secret-exfiltration endpoints in the code, but the ability to make arbitrary HTTP requests (iot_controller.send_http_request) means a user-supplied token or data could be posted anywhere. The lack of declared env vars is coherent but does not remove the need to treat runtime arguments as sensitive.
Persistence & Privilege
always:false (normal). disable-model-invocation:false (agent can invoke autonomously) — this is the platform default. Autonomous invocation combined with broad system-control capabilities increases risk: the skill could attempt shutdowns, network changes, camera/screenshot capture, or other high-impact ops if the orchestration policy isn't strict. There is no evidence the skill modifies other skills or global agent settings.
What to consider before installing
This skill indeed contains code to control many parts of a host (camera, microphone, screen, mouse/keyboard automation, network settings, power actions, process management). That aligns with its stated purpose but has three practical concerns: (1) multiple coding inconsistencies (e.g., dependency list includes Windows-only packages while scripts are Linux-focused; many run_cmd calls pass lists or include pipe characters as list elements — these will often fail), (2) it can perform high-risk actions (shutdown, suspend, change DNS/proxy, access camera/screenshots, kill processes, send HTTP requests with tokens), and (3) SKILL.md advocates automatic orchestration for 'any task', which could let the agent chain many sensitive operations without clear, enforced user confirmations. Before installing or enabling this skill: - Run it only in a sandbox or VM first (do not enable on a production or sensitive machine). - Review and fix the code (the common.run_cmd contract doesn't match many callers; shell/pipe handling is incorrect) or ask the author to provide a tested, platform-consistent release. - Require explicit, per-operation user confirmation for high-risk actions (shutdown/restart, network changes, camera/microphone access, sending tokens to remote endpoints). - If possible, disable autonomous invocation or restrict the skill to manual invocation until you trust it. - If you must use IoT/HomeAssistant features, avoid passing long-lived tokens to the skill unless you trust its runtime policies; prefer short-lived credentials. - Ask the publisher to clarify Windows vs Linux target platforms and to clean up dependency and command handling. Given the broad host control surface and the implementation sloppiness, treat this skill as risky until cleaned up and run under tight controls.

Like a lobster shell, security has layers — review code before you run it.

latestvk979cn8s1ja3gy52yk2jpfzc3584k7sn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments