ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lockout

v1.0.0

Lockout tagout safety procedure manager. Use when json lockout tasks, csv lockout tasks, checking lockout status.

0· 66·0 current·0 all-time
bybytesagain4@xueyetianya
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe a local lockout/tagout task manager and the included script implements exactly that: add/list/search/remove/export/stats/config operations on a local data directory. No unrelated services, credentials, or binaries are requested.
Instruction Scope
SKILL.md instructs the agent to run scripts/script.sh with specific commands. The script performs only local file I/O under DATA_DIR (default ~/.lockout), simple text processing, and standard CLI actions. It does not reach out to network endpoints, read arbitrary system files, or access other environment variables beyond the optional LOCKOUT_DIR.
Install Mechanism
There is no install spec (instruction-only with an included script). Nothing is downloaded or written to system locations beyond the user's data directory created by the script.
Credentials
No required environment variables or credentials are declared. The script honors an optional LOCKOUT_DIR env var (documented in SKILL.md) to override the data directory, which is proportionate and expected.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide agent settings. It stores its own data and config under the user's data directory only.
Assessment
This skill appears to be a simple local CLI tool that stores entries in plain text under ~/.lockout (or the directory you set via LOCKOUT_DIR). Before installing, be aware that: entries and config are stored unencrypted in data.jsonl and config.txt (so avoid saving sensitive secrets there); the tool uses common shell utilities (grep, sed, tail, wc, du, cp) so ensure those behave as expected on your OS (macOS sed -i semantics differ); you can inspect scripts/script.sh yourself — there are no network calls or credential requests. If you need encrypted storage or multi-user isolation, do not rely on this script as-is.

Like a lobster shell, security has layers — review code before you run it.

latestvk972sp06r0m59522re3gcb60c98389pq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments