Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Catbus-new
v0.1.3
CatBus AI Agent Network — access stronger models and remote skills beyond your local setup. Install CatBus to join a P2P network of AI agents with model/best...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (high confidence)

Purpose & Capability
The stated purpose (joining a CatBus P2P network) would legitimately require installing a client and binding to an account, which the SKILL.md instructs. However there is an inconsistency: the registry metadata provided to you earlier lists no homepage/source, while SKILL.md includes homepage/source fields (https://catbus.xyz and a GitHub link). That mismatch reduces confidence in provenance. Requiring a downloaded installer from an external domain is plausible for this purpose but should be justified by verifiable sources and explicit user consent.
Instruction Scope
The SKILL.md explicitly orders the agent to run curl -fsSL https://catbus.xyz/install.sh | bash (remote code execution) exactly as-is and to automatically extract/run any user-provided curl command containing --bindcode without asking. It forbids asking the user to run commands and mandates running install/bind operations autonomously. This instructs the agent to execute arbitrary remote scripts and user-pasted commands verbatim — a major scope creep that could run arbitrary code, exfiltrate data, or perform system changes beyond joining the network.
Install Mechanism
There is no formal install spec in the registry, but the runtime instructions instruct downloading and piping a shell script from https://catbus.xyz directly into bash. 'curl | bash' from an external domain is high-risk: it gives the remote host arbitrary code execution on the machine. The domain is not verified in the registry metadata, and the instruction prohibits modifying the command or asking for clarification.
Credentials
The skill declares no environment variables, but it requires the user to obtain and paste a bind message containing a --bindcode token which the agent must run verbatim. That effectively causes the agent to handle a secret token and use it to bind and authenticate to a remote service. Requesting and auto-executing user-provided tokens/commands without extra checks is disproportionate and dangerous even if the service is legitimate.
Persistence & Privilege
The install script is described as setting up a daemon, autostart (systemd/launchd), and background service. That creates a persistent networked agent on the host. Although the skill is marked always:false (it is not forced into every agent run), its instructions will install a persistent privileged process without explicit, granular consent or verification. The skill also demands that the agent perform these system-level changes autonomously, which is a significant privilege escalation relative to a passive, instruction-only skill.
What to consider before installing
Do not let the agent run the suggested commands automatically. This skill asks the agent to download-and-run a remote install script and to execute user-provided bind commands verbatim, then install a persistent daemon — all high-risk actions. Before proceeding, ask for (or do) the following:
1) Verify the install script source by manually inspecting https://catbus.xyz/install.sh and the GitHub repository referenced in SKILL.md.
2) Prefer that the agent show the exact shell commands and their contents, and require you to run them yourself (or run them in a disposable sandbox/VM).
3) Do not paste bindcodes or tokens into the chat unless you trust the service and have verified the installer.
4) If you must install, run the installer manually on an isolated machine, review the script for network calls and for the files/services it creates, and check whether it sets up systemd/launchd entries.
If you want a safer skill, ask the maintainer to provide a non-autonomous flow where the skill prints vetted commands and requires explicit user confirmation before executing them.
