Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw Admin Main
v0.2.8
Provides a web interface to monitor OpenClaw nodes, manage agent configurations, oversee resource usage, security policies, and review system logs.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The codebase (frontend + server + RPC/WebSocket client + sqlite storage + terminal/SSH support) matches the claimed purpose (administrative dashboard for OpenClaw). However, the skill metadata declares no required environment variables or binaries even though package scripts and .env.example show the server expects OPENCLAW_WS_URL, OPENCLAW_AUTH_TOKEN / OPENCLAW_AUTH_PASSWORD, PORT, and other environment variables. That omission is an inconsistency that should be corrected before trusting or installing.
Instruction Scope
SKILL.md gives a high-level deployment command (clawhub publish ...) and prerequisite notes but omits concrete developer/run steps present in package.json (npm install, npm run build, npm run start or node --env-file=.env server/index.js) and does not warn that the backend will open network ports and persist to a SQLite DB. The runtime instructions therefore under-specify operations that materially affect the system (network listeners, local database, possible terminal/SSH features).
Install Mechanism
There is no explicit install spec in the skill registry (instruction-only), but a full codebase with package.json is included. Installation will require npm install / build and will pull many dependencies (express, ws, ssh2, node-pty, better-sqlite3, etc.). Those dependencies are consistent with the app's features; there are no obvious external download URLs or extract steps in the manifest. The risk here is operational (missing install guidance) rather than supply-chain downloads from suspicious hosts.
Credentials
The registry declares no required environment variables or credentials, yet the code and .env.example reference gateway connection credentials (OPENCLAW_WS_URL, OPENCLAW_AUTH_TOKEN, OPENCLAW_AUTH_PASSWORD), possibly media/storage paths, and server ports. The backend can access local filesystem (data directory, sqlite) and network (connecting to OpenClaw Gateway, listening for incoming connections, SSH/remote terminal). Requesting gateway credentials and the ability to run a networked backend is proportionate to an admin console, but the omission from declared metadata and lack of explicit guidance about safely providing secrets is a concern.
Persistence & Privilege
The project contains a server component that persists data (better-sqlite3 database files) and opens network interfaces. The skill metadata does not request always:true and does not claim automatic persistent presence. That is consistent: the backend must be run explicitly to be persistent. However, SKILL.md doesn't warn users that running the server will create local databases and listen on ports, so the persistence implications are under-documented.
What to consider before installing
This package appears to implement what it claims (a web admin UI plus a Node.js backend), but the registry metadata and SKILL.md do not fully describe how to install, run, or supply credentials. Before installing or running:
1) Treat the source as untrusted until you verify origin—the Homepage is missing and owner is unknown.
2) Inspect server/index.js and server/gateway.js to confirm there are no hardcoded remote endpoints or telemetry/exfil behavior.
3) Do not provide production OpenClaw tokens or passwords until you run it in an isolated test VM or container.
4) Expect to run: npm install, npm run build, and npm run start (or node --env-file=.env server/index.js) and to supply env vars (OPENCLAW_WS_URL, OPENCLAW_AUTH_TOKEN or OPENCLAW_AUTH_PASSWORD, PORT).
5) Restrict network access (firewall, bind to localhost) and review .env.example to understand which secrets the app will read.
6) Consider running npm audit, verifying dependency integrity, and running the server in a sandbox/container with limited filesystem and network privileges.
If you want, share server/index.js and server/gateway.js contents and I can point out specific lines to review for sensitive operations or hidden endpoints.
server/index.js:385
Shell command execution detected (child_process).
server/index.js:456
Environment variable access combined with network send.
server/index.js:7
File read combined with network send (possible exfiltration).
src/i18n/messages/en-US.ts:1660
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
