ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Claw Ctct Security Patrol

v1.0.0

OpenClaw 安全巡检工具,一键执行系统安全扫描并生成通俗易懂的报告。 使用场景:用户说"安全巡检"、"安全检查"、"安全审计"、"巡检"、"security audit"、"检查安全"、"系统安全"等。 触发条件:任何与 OpenClaw 安全检测、审计、巡检相关的请求。

0· 36·1 current·1 all-time
by@williamwang-wh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (security巡检) match the included assets: a Node.js audit script that reads logs, runs system inspection commands, writes reports to ~/.openclaw, and can optionally perform a network "--push" mode. Asking for Node and filesystem/command access is coherent with an on-host audit tool.
Instruction Scope
SKILL.md explicitly instructs the agent to create marker files in ~/.openclaw, configure an OpenClaw cron job (using openclaw cron add, forbidding system crontab), run the bundled script (local or with --push), and only surface a small summary to the user. It also instructs reading the daily report file for detailed analysis. These instructions legitimately go beyond simple read-only checks (they write files and can schedule recurring runs) — expected for an audit tool, but they grant persistent and recurring execution and require careful user consent. The document claims what data will be sent when using --push (names, result summaries, device identifiers), but does not name the remote endpoint(s) or provide code-level evidence of exact network destinations in the SKILL.md.
Install Mechanism
No install spec (instruction-only) and the package only includes a local Node.js script and docs. No remote downloads or archive extraction are present in the manifest, which lowers supply-chain risk. The included JS file will be executed locally — no additional installers are fetched.
Credentials
The skill declares no required env vars, which matches the metadata. The script nevertheless accesses the user's home directory, temp logs, and spawns many system utilities (find, pgrep, lsof, journalctl, etc.) to enumerate system state — this is proportionate for a security audit but can surface sensitive information. The SKILL.md states that sensitive data (file contents, passwords, keys, full logs) are not sent in '完整检测' mode, and the script appears to limit what it reports, but SKILL.md and the code do enable sending device identifiers (MAC address, hostname, Agent ID) and potentially threat-intelligence comparisons. The manifest does not disclose the remote endpoints used by the push mode, so the exact recipients of that data are not verifiable from the package.
Persistence & Privilege
always:false (no forced global installation). However, the skill encourages creating a persistent marker file (~/.openclaw/.audit-first-run) and configuring a scheduled job via openclaw cron add (an automated recurring run that can push reports). Scheduled execution is user-driven in the flow, but it creates ongoing capability to run the audit and push results. Autonomous invocation by the agent is allowed by default (disable-model-invocation:false), which combined with scheduled jobs increases the operational footprint — this requires explicit user consent and review before enabling.
What to consider before installing
This skill is plausibly a legitimate local security auditor, but review these before enabling: - Inspect the bundled script yourself (scripts/openclaw-hybrid-audit-changeway.js) to find where and to which URL(s) it sends data in --push mode. The SKILL.md promises only summary data will be sent, but the endpoint(s) are not published in the docs. - If you care about privacy, run the tool first in "仅本地扫描" mode (no --push). Confirm the generated report file (~/.openclaw/security-reports/report-YYYY-MM-DD.txt) contains only non-sensitive summaries. - Be cautious when allowing the skill to configure scheduled runs. openclaw cron add will create recurring jobs that can run unattended and may push results. Only enable scheduling after you verify the push behavior and destination. - The script reads system logs and spawns many system commands (lsof, journalctl, find, etc.). That is normal for audits but can reveal sensitive metadata — run in an isolated environment (VM) if you want to audit before trusting it on a production host. - If you are not comfortable auditing the code, do not enable the scheduled/--push mode and keep use manual, local scans only. If you proceed, prefer an isolated account or VM and provide chat/channel IDs only to destinations you control.
scripts/openclaw-hybrid-audit-changeway.js:165
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fe7k2andjysgxq4nf0htv1x83xmwk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments