Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tool Registry

v1.0.0

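Tool registration and discovery system. Token-matching-based tool routing, with support for permission control and sub-agent tool allowlists. Triggered when the user says "what tools are there" (工具有哪些), "search tools" (搜索工具), "find skills" (查找技能), or "tool routing" (工具路由).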

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (a registry for registering and discovering tools) aligns with the code and SKILL.md: the registry registers tools like read_file, write_file and bash and provides search/filter/execute APIs. However, the presence of built-in dangerous tools (bash, write_file) is notable but explainable for a registry. There is a code/MD mismatch: the SKILL.md examples restrict 'bash' to 'verification' agents in one spot but the bundled script registers 'bash' for ['verification','general'], which is an incoherence worth flagging.
Instruction Scope
The SKILL.md and the code instruct usage of tools that can read arbitrary local files, write arbitrary files, and execute arbitrary shell commands. More importantly, ToolRegistry.execute(name, input, context) calls the tool's execute handler directly without checking the caller's permission level or agentType — despite the documented permission/agent filtering features. That allows callers to run dangerous ops even when they should be filtered out. The instructions imply permission filtering but the runtime code does not enforce it on execution.
Install Mechanism
Instruction-only with a single local JS module and no install spec. Nothing is downloaded or installed automatically; no third-party packages are pulled during skill installation.
Credentials
The skill declares no required environment variables, credentials, or config paths. The code does not request secrets or external credentials. This is proportionate to a registry. Note: the registry's tools operate on the local filesystem and spawn processes, which are powerful but don't require explicit env/credentials.
Persistence & Privilege
The skill is not always-enabled and can be invoked by users. It does not request persistent system privileges or modify other skills. Autonomous invocation is allowed (platform default) but is not combined here with always:true or broad credential access.
What to consider before installing
This skill implements a registry that includes tools able to read/write local files and run shell commands. While that capability can be legitimate for a tool router, there are two red flags you should address before installing or enabling it for agents: (1) The runtime register includes dangerous tools (bash, write_file) available to broad agent types (the code registers bash for 'general'), and (2) the execute() method does not enforce the documented permission or agent-type checks, so callers can invoke dangerous tools without proper filtering. Recommended actions: review and/or modify the provided scripts so execute() enforces user/agent permissions, restrict dangerous tools to tightly scoped agent types, add input validation/sanitization and sandboxing for command execution, and test in an isolated environment. If you cannot audit or harden the code, avoid enabling the skill for autonomous agents or only allow it for highly-trusted, manual invocations.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/tool-registry.mjs:404: Shell command execution detected (child_process).

Like a lobster shell, security has layers — review code before you run it.

Tags: acl, latest, permission, registry, search, tool
