Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Parent Control
v1.2.0成长伙伴 - 青少年电脑管理神器!禁用游戏、屏蔽网站、时间管理、远程锁屏。7 天免费试用,¥9.9 起!
⭐ 0· 74·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The stated purpose (parental control with a client and a web management console) is plausible, but the SKILL.md references a client directory, requirements.txt, and Python entrypoint that are not included in the skill bundle. It also advertises license/activation and email reporting yet declares no related endpoints or credentials. Asking for Python3 and admin privileges is consistent with some parental-control implementations, but the missing code and missing activation/backend details are unexplained.
Instruction Scope
Runtime instructions tell the user/agent to run 'pip install -r requirements.txt' and 'cd client && python main.py' and mention modifying the hosts file and lock-screen functionality (requires admin). Those instructions reference local files/paths and privileged system changes that are not part of the skill. The doc also mentions generating and emailing reports and license activation without specifying SMTP or activation servers. The instructions do not instruct reading unrelated system secrets, but they do imply privileged modifications and networked behavior for which no configuration is provided.
Install Mechanism
There is no install specification and no code files in the skill bundle—this lowers direct supply-chain risk from the registry entry itself. However, the SKILL.md expects the presence of repository files and a requirements.txt that would need to be downloaded from elsewhere; that external download step is not specified here and would be where higher-risk code could be introduced.
Credentials
The skill declares no required environment variables or credentials, but features described (email report sending, activation/licensing, remote control) normally require SMTP credentials, server API keys, or access tokens. The absence of declared env/config requirements is inconsistent with the advertised behavior. The request for administrator privileges is plausible for hosts modification and lock-screen, but gives wide system control and should be justified by inspecting the actual code.
Persistence & Privilege
The skill does not set always:true and does not request any platform-wide persistence via the registry metadata. However, the product itself claims it needs administrator privileges on Windows to modify system files and enforce locks—that privilege is intrinsic to parental-control functionality but increases risk if you cannot audit the code that will run with those privileges.
What to consider before installing
This registry entry is essentially a README for a parental-control product but includes no code or install artifacts—treat it as documentation, not an installer. Before installing or running anything described here, ask the publisher for: (1) a source repo or official download URL, (2) checksums/signatures for any downloadable archives, (3) the server/API endpoints and what credentials (SMTP, license servers) are required, and (4) the client code for audit (especially any components that run as administrator). Do not run 'pip install -r requirements.txt' or 'python main.py' from an unknown folder; avoid giving admin privileges or modifying hosts/lock-screen behavior on your primary machine until you can review the code. If you must test, do so in an isolated VM or disposable system, and prefer software from verifiable, reputable sources.Like a lobster shell, security has layers — review code before you run it.
latestvk978wvr59y62davvb46bxpp15583h008
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🌱 Clawdis
Binspython3