Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

redis-tools

v1.0.0

Lookup Redis commands by category, test Redis server connections, and monitor database key counts and memory usage, with offline cheatsheet support.

0· 68·0 current·0 all-time
bybytesagain4@xueyetianya
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign, medium confidence
Purpose & Capability
Name/description (Redis cheatsheet, connection test, monitor) align with what is provided: a Bash script that displays command references and can call redis-cli for tests/monitoring. No unrelated env vars, binaries or config paths are requested.
Instruction Scope
SKILL.md instructs the agent to run the included script with host/port/password arguments. That scope is consistent with the stated purpose. Caution: the runtime instructs network connections to user-specified Redis endpoints (expected), and running the provided script will execute code from the skill bundle—review the script for any unexpected behavior (external network calls, uploads) before providing credentials.
Install Mechanism
No install spec; this is an instruction-only skill with an included Bash script. Nothing is downloaded or written to disk by an installer step.
Credentials
The skill declares no environment variables, no credentials, and no config paths. The only sensitive input is an optional Redis password passed as an argument (documented). There are no unexplained secret requests.
Persistence & Privilege
always is false and the skill does not request persistent or system-wide privileges. The skill can be invoked autonomously by the agent (default), which is normal; consider disabling autonomous invocation if you do not want the agent to initiate network tests on its own.
Assessment
This skill appears coherent: it provides a local Bash cheatsheet and a script that uses redis-cli to test and monitor Redis instances. Before installing or running it: (1) open and read scripts/script.sh in full to confirm there are no hidden network calls (curl/netcat) or external endpoints; (2) do not supply production credentials or passwords unless you trust the script and its source—prefer testing against a local/dev Redis instance first; (3) if you are concerned about the agent initiating network activity autonomously, keep disable-model-invocation or agent autonomous invocation settings restricted; (4) run the script in a sandbox / non-privileged environment if possible. If you want, paste the full script here and I can scan it for risky patterns (egress calls, data exfiltration attempts).

Like a lobster shell, security has layers — review code before you run it.

latestvk970tqpd1rqqnq2fsaypsh6kdd83v12j
