Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw Security Guard
v0.2.1This skill should be used when the user asks to harden agent workflows, audit prompts/commands/URLs/paths, scan a third-party skill before install or publish...
⭐ 0· 182·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name, description, and scripts align: it scans text/commands/URLs/paths and audits skill folders. One mismatch: the package includes Node and bash scripts but the registry metadata lists no required binaries; a legitimate skill should declare Node (and/or bash) as a dependency/runtime requirement.
Instruction Scope
SKILL.md and scripts instruct the agent to read arbitrary target directories (audit-skill-dir) and to write audit notes to disk. write-obsidian-audit.mjs uses a hard-coded vault path (/Users/m1/Desktop/obsidianvault/ClawLite) which is a leak of the packager's local path and will attempt to write to that exact location when run — unexpected and undesirable. The install-hooks.sh writes a helper script into $HOME/.openclaw/workspace which modifies the user's home workspace; this is documented but is an automatic filesystem modification that users should be warned about.
Install Mechanism
There is no remote download/install step; the skill ships its scripts in the package. That lowers supply-chain risk. The included install-hooks.sh does create a script in the user's $HOME which is a local change but not a remote installation.
Credentials
The skill does not request any environment variables or credentials (good). However, scripts write into $HOME and a hard-coded absolute path to an Obsidian vault; the latter is unrelated to the stated purpose and appears to be a leftover developer path. No secrets are requested, but the auditing scripts will read files under whatever target directory is provided (expected for an audit tool).
Persistence & Privilege
always:false (good). The only persistent change is install-hooks.sh which installs a helper script under $HOME/.openclaw/workspace — this is scope-limited to the user's workspace but it does modify the filesystem and create an executable helper. The skill does not attempt to modify other skills or global agent settings beyond that helper install.
What to consider before installing
This skill appears to implement a useful local pre-publish/audit tool, but review it locally before running: 1) Ensure you have Node available (scripts rely on node but the skill metadata doesn't declare it). 2) Inspect write-obsidian-audit.mjs — it writes to a hard-coded path (/Users/m1/...) that likely belongs to the author; change it or delete that behavior before running to avoid unexpected writes. 3) The install-hooks.sh will create a script in $HOME/.openclaw/workspace — accept only if you want that helper installed. 4) Because the audit script reads files under whatever path you supply, avoid pointing it at sensitive system directories unless you intend to allow reading those files. 5) Prefer running the scripts in an isolated environment (container or throwaway account) and manually inspect the code (especially file-write locations) before giving the skill filesystem access. If you want higher assurance, ask the author to remove hard-coded paths and to declare Node as a required runtime.scripts/prepublish-guard.mjs:13
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk97e2b30997kgdcw05yn9k0zbh82x3gq
License
MIT-0
Free to use, modify, and redistribute. No attribution required.