Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
z
v1.0.2Anti-skill-crawler defense system. Detects and mitigates unauthorized crawling, scraping, and bulk extraction of skill definitions, prompt content, and instr...
⭐ 0· 56·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md describes a passive, read-only detector of 'skill-crawling' using request metadata — that purpose aligns with the described detection rules and examples. However, the doc advertises alert channels (webhook, email) and multi-platform support while the registry metadata lists no required env/config for delivering alerts or cross-platform integration. The skill thus claims capabilities (sending webhooks/email) that are not supported by declared configuration.
Instruction Scope
The runtime instructions are largely limited to read-only analysis of request metadata, which is consistent with the claimed scope. But the SKILL.md includes: (a) alert delivery channels (webhook/email) without specifying how endpoints/credentials are provided, (b) session-fingerprint/user-agent analysis which could rely on identifiers not explicitly enumerated as allowed, and (c) a claim that autonomous invocation is disabled while registry flags allow model invocation. These gaps create ambiguity about what data could be transmitted and when.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk or downloaded. This is the lowest-risk install model.
Credentials
The skill declares no required environment variables or config paths, yet the configuration section permits alert channels including 'webhook' and 'email' which normally require URLs or credentials (webhook URL, SMTP server/API keys). The absence of declared env/config means either: alerts are expected to be log-only (safe), or the skill will be configured later with sensitive endpoints/credentials — the latter is not documented and is disproportionate to the stated read-only detection purpose.
Persistence & Privilege
The skill does not request persistent/always-on presence and documents no active countermeasures or response modification. That is appropriate. However, the SKILL.md explicitly states 'Autonomous: Disabled — operator must explicitly invoke' while registry-level flags indicate model invocation may be allowed; this mismatch affects the privilege surface and should be resolved.
What to consider before installing
This README looks like a reasonable read-only crawler detector, but there are important gaps you should clear up before installing: 1) Confirm how alerts are delivered — if you plan to enable webhooks or email, require explicit configuration (webhook URLs, SMTP/API keys) and make sure those are declared and stored securely; prefer 'log' channel by default. 2) Verify platform permissions: ensure the platform-granted 'request_metadata_read' capability actually excludes IPs/PII as claimed, and confirm who can view the alerts. 3) Decide invocation policy: SKILL.md says operator-only, but registry flags allow autonomous invocation — if you want read-only/manual operation, make sure model invocation is disabled. 4) Ask the author for a clear mapping of which request-metadata fields are accessed (user-agent, timestamps, request-id, but not IPs or personal IDs). 5) Because this is instruction-only (no code), validate behavior in a controlled test environment before enabling any alert channels beyond local logs. If the author cannot provide concrete config instructions and permission descriptions, treat the skill as untrusted.Like a lobster shell, security has layers — review code before you run it.
latestvk97ckfynbtpmknef6fd4zw2hmh84a4sm
License
MIT-0
Free to use, modify, and redistribute. No attribution required.