Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Poc Validator
v0.1.0Automated Vulnerability Verification and Payload Replay Probe. Dynamically executes HTTP requests and analyzes HTTP status codes/error traces (e.g., SQL Inje...
⭐ 1· 51·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (PoC Validator) aligns with the included script and SKILL.md: both replay HTTP requests and extract error snippets (SQLSTATE, syntax errors, etc.). Nothing requested (no env vars or unrelated binaries) appears out-of-scope. Minor omission: the SKILL.md examples invoke `python3` and the script uses the `requests` library, but the registry metadata lists no required binaries or dependencies — this is an implementation detail mismatch that should be declared.
Instruction Scope
SKILL.md instructions are narrowly focused on accepting a user-provided URL, method, headers (including Cookie and User-Agent), and payload, running scripts/replay.py, and analyzing the response. It does not instruct the agent to read unrelated files or environment variables. However, it explicitly permits replaying 'malicious payloads' against arbitrary targets and contains no built-in authorization checks or rate limits — this means the skill can be used for unauthorized testing if the agent or user supplies unapproved targets/payloads. The SKILL.md warns against mass scanning/DDoS/unauthorized exploitation but does not enforce safeguards.
Install Mechanism
There is no install spec (instruction-only plus a script), which is low-risk. The script requires Python 3 and the third-party 'requests' package, but these requirements are not declared in the registry metadata. No downloads from external URLs or archives are present.
Credentials
The skill requests no environment variables or credentials, which is proportionate. Still, the runtime behavior can transmit or capture sensitive data (cookies, auth headers, and full response bodies) from the target. The skill will print response headers/body snippets to stdout (JSON), so secrets obtained from target responses could be exposed in agent logs — this is expected for this class of tool but worth noting.
Persistence & Privilege
The skill does not request persistent presence (always:false) and does not modify other skills or system configurations. Model-invocation is enabled by default but not excessive here; autonomous invocation combined with lack of authorization checks could increase misuse risk, but that is an operational concern rather than an incoherence in the skill itself.
Assessment
This skill behaves as advertised (it replays HTTP requests and extracts error traces), but take these precautions before installing or using it:
- Ensure you have explicit authorization to test any target. The skill will send arbitrary payloads and has no built-in permission checks; misuse can be illegal.
- The package does not declare runtime dependencies: you need python3 and the Python 'requests' library available where the agent runs.
- The script disables TLS verification (verify=False) and will accept self-signed certs; consider modifying this if you need strict TLS validation.
- Requests may include Cookie or Authorization headers and the skill prints response headers/body snippets to stdout — avoid sending sensitive credentials as part of tests or ensure logs are protected.
- If you plan to run this autonomously, add operational safeguards (rate limits, allowlist of target hosts, explicit confirmation prompts) to avoid accidental scanning/exfiltration.
If those conditions are acceptable and you only intend to test authorized targets, the skill is coherent with its stated purpose.Like a lobster shell, security has layers — review code before you run it.
latestvk97fy30n29fqk89g755ybvva8x83cmm8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.