ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lossless Claw Skill

v1.0.0

Skill completo para lossless-claw (LCM). Incluye instrucciones para instalar el plugin automáticamente.

1· 139·0 current·0 all-time
by@yejay7
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: the SKILL.md describes and instructs installing and using the lossless-claw plugin and the lcm_* tools. It does not request unrelated credentials, binaries, or system access.
Instruction Scope
Instructions tell the agent to run openclaw CLI commands (plugins list/install, gateway restart) and to inspect a local SQLite DB path (/mnt/data/...). Those actions are within scope for installing and using the plugin, but they involve filesystem checks and a service restart — operations that have operational impact and should be run with user consent.
Install Mechanism
The skill is instruction-only (no install spec), which is low risk. It tells the agent to run 'openclaw plugins install @martian-engineering/lossless-claw' — installing a plugin will download/execute external code via OpenClaw's plugin system. This is expected for a plugin wrapper, but the actual plugin source should be verified before installation.
Credentials
The skill requests no environment variables or credentials. It references a local DB path which is consistent with a memory/context plugin. No disproportionate or unrelated secrets are requested.
Persistence & Privilege
The skill does not request always:true or other elevated platform privileges. It instructs potentially disruptive actions (plugin install and gateway restart) but does not persist beyond normal plugin installation behavior. Recommend requiring explicit user confirmation before performing installations or restarts.
Assessment
This skill is internally consistent and documents how to install and use the lossless-claw plugin, but before letting an agent install it automatically you should: 1) verify the plugin package name and its upstream repository (the skill lists a GitHub URL) to ensure it’s the expected project; 2) inspect the plugin code or release artifacts (or review its README/commit history) if you can; 3) back up important state (the OpenClaw workspace/DB) because the flow includes a gateway restart; 4) prefer to run the install command yourself rather than granting silent automatic installs; and 5) confirm /mnt/data is a local path and not a mounted network location if data residency matters.

Like a lobster shell, security has layers — review code before you run it.

contextvk97b6tvrydfc8ez4z02h8aamc9840cg2latestvk97b6tvrydfc8ez4z02h8aamc9840cg2lcmvk97b6tvrydfc8ez4z02h8aamc9840cg2memoryvk97b6tvrydfc8ez4z02h8aamc9840cg2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments