ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Manusilized

v0.1.0

Enhances OpenClaw agents with real-time streaming, Markdown tool-call recovery, and extended support for latest reasoning models.

0· 163·0 current·0 all-time
byDa Wei@wd041216-bit
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description promise real-time streaming, Markdown tool-call recovery, and model heuristics; the package contains TypeScript patches (ollama-stream.ts, ollama-models.ts), a README, and an install script that copies those files into OpenClaw's src/agents. There are no unrelated env vars or binaries requested. This is coherent with the stated purpose.
Instruction Scope
SKILL.md instructs the user to either wait for an upstream PR or manually replace two core files and rebuild. The included install-patch.sh performs local file backups and copies the patch files; there are no instructions to read unrelated system files, exfiltrate secrets, or call unexpected remote endpoints from the installer. The runtime instructions are limited to modifying OpenClaw core code, which is exactly what the skill claims to do.
Install Mechanism
There is no remote download/install spec — the skill ships patch files and an install script that copies them into the user's OpenClaw tree. This lowers supply-chain risk compared to fetching arbitrary code, but it is still an invasive change because it replaces core agent files. The install script does create .bak backups, which is good practice.
Credentials
The skill does not request environment variables, credentials, or config paths. The code uses local API base URLs (Ollama native endpoints) and normal fetch calls; nothing in the files demands unrelated secrets or external credentials. This is proportionate to its function.
Persistence & Privilege
The skill does not set always:true and is user-invocable (defaults). However, applying the patch permanently modifies the agent runtime by replacing core files. That is inherently higher-privilege than a non-invasive skill, but it's an explicit, user-initiated change rather than an autonomously persistent modification.
Assessment
This package is internally consistent with its stated goal of patching OpenClaw's Ollama provider, but it modifies core agent code — treat it like any other high-impact patch. Before installing: (1) review the full patch files line-by-line (you saw a truncated file in the registry listing — inspect the rest locally), (2) verify the upstream repository and author (the registry metadata lacks a homepage and the source is 'unknown'), (3) test the patch in a disposable clone or non-production environment and keep the .bak files the installer creates, (4) prefer the official upstream PR merge over local patching, and (5) search the patched code for unexpected network endpoints or telemetry if you need high assurance. If you aren't comfortable auditing the TypeScript patches yourself, decline or wait for the official PR to be merged and reviewed.

Like a lobster shell, security has layers — review code before you run it.

latestvk976zp8ae7bd1e5fbee2gjf5298356ap

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments