ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OC Approval-Free Node Stabilizer

v0.1.0

Stabilize no-approval node execution in OpenClaw. Use when approval timeout, noisy failure events, or node run drift appears.

0· 340·0 current·0 all-time
by@xyezir
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description (stabilizing approval-free node execution) align with the SKILL.md procedure (confirm policy, standardize execution path, retry rules, validation). There are no unrelated env vars, binaries, or installs requested, so the declared requirements are proportionate to the stated purpose.
Instruction Scope
Instructions are high-level operational steps (confirm policy, standardize runs, add retry rules, validate). They do not tell the agent to read specific files, call external endpoints, or access secrets, but they are intentionally vague — in practice the agent may need to inspect node configurations or orchestration state. The SKILL.md includes a guardrail to require explicit confirmation for high-risk actions and to avoid publishing credentials.
Install Mechanism
No install spec or code files; this is instruction-only and therefore does not introduce filesystem or network install risk.
Credentials
No environment variables, credentials, or config paths are requested. The skill does not ask for unrelated secrets or broad access rights.
Persistence & Privilege
Flags show default behavior (not always, user-invocable, model invocation allowed). The skill does not request permanent presence or to modify other skills or system-wide settings.
Assessment
This instruction-only skill appears coherent and low-risk because it requests no installs or credentials. However, the procedure is deliberately high-level and relies on the agent's judgment to inspect node policies and execution state — which could lead to unexpected changes if the agent is allowed to act autonomously. Recommendations before installing: (1) Run in a staging/test environment first. (2) Require human confirmation for any changeable operations (use the guardrail already stated). (3) Ask the skill author for concrete commands, exact paths/configs the skill will inspect, and example validation checks. (4) Ensure the agent does not have access to unrelated credentials or production-only control planes. If you need stronger assurance, prefer a version that enumerates the exact read/write actions the agent will perform and explicitly names the systems/configs it will access.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f7mgzmyq8azf19sxge2m2vx823c76

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments