Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Exec Guard

v1.0.0

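Command safety guard. Before a shell command is executed, it is semantically classified (READ/WRITE/NETWORK/DESTRUCTIVE); safe operations are allowed automatically and dangerous operations are blocked. Inspired by Claude Code's command semantic classifier. Trigger words: exec guard, 命令安全 (command safety), 安全执行 (safe execution), safe exec.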

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (Exec Guard) align with the instructions: it classifies commands into READ/WRITE/NETWORK/DESTRUCTIVE and requires confirmations for higher-risk ops. The classification rules and decision tree are coherent with that goal.
!
Instruction Scope
SKILL.md instructs the agent to intercept every exec invocation and to persist user preferences across sessions (memory/ or MEMORY.md). It also references integration with global OpenClaw security modes. The skill did not declare any config path or explain where/how it will persist data, which is scope creep relative to a purely behavioral guard.
Install Mechanism
Instruction-only skill with no install spec or code files — low install risk. Nothing is downloaded or written by an installer step.
Credentials
No environment variables or credentials requested (good). However the instructions propose writing preference data to memory/ or MEMORY.md and reading/writing that across sessions despite no declared config paths — this is a mismatch between declared requirements and expected behavior.
!
Persistence & Privilege
SKILL.md includes 'alwaysLoad: true' and asserts it is 'always effective' before exec calls; the registry metadata indicates the skill is not flagged always:true. The skill wants cross-session preference persistence but does not declare config paths. Always-on behavior plus undocumented persistence increases privilege and surprise risk.
What to consider before installing
The skill's functionality (classifying exec commands and asking before risky actions) is reasonable, but you should confirm how and where it stores user preferences before installing. Ask the author or marketplace for: (1) explicit metadata that sets always:true if it must be always-loaded, (2) declared config/storage paths (where MEMORY.md or memory/ will live) and permissions needed, and (3) whether it will actually write files or modify agent/system settings. If you don't want persistent preference storage or an always-on guard, avoid enabling it or run it in a sandboxed agent first. If allowed to persist, review the stored preferences for sensitive info and ensure it's stored in a controlled workspace location.

Like a lobster shell, security has layers — review code before you run it.


