Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Remote Skill Installer
v1.0.1 Remotely install, manage and update skills into a specified Agent; supports batch import, retry on network errors, and security-check protections.
⭐ 0 · 66 · 0 current · 0 all-time
by mumu@ysy88092144
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (high confidence)
Purpose & Capability
Name/description match the observable behavior: the code fetches SKILL.md files from URLs and writes them into per-agent workspaces under ~/.openclaw/workspace-<agent>/skills/<skill>/. Required resources (network, filesystem write to home) are proportionate to the stated purpose.
Instruction Scope
SKILL.md instructs running the bundled Python script and setting optional env vars (https_proxy, OPENCLAW_SKILLS_HUB_BASE). The instructions reference only the installer’s workspace paths and proxy/hub configuration. However, the installer will download arbitrary SKILL.md content and save it verbatim to disk — it does not execute that content itself but later execution of installed skills (outside this installer) could be a downstream risk. The SKILL.md documentation suggests RSS/XXE protections, but the code contains no RSS parsing; this is a mismatch.
Install Mechanism
There is no external install spec; the package is distributed as a small Python script included in the skill bundle. No external archives or code downloads are executed during install. The script itself performs network fetches at runtime (to pull SKILL.md files), which is expected for an installer.
Credentials
The skill does not declare required credentials or config paths. It reads optional env vars (OPENCLAW_SKILLS_HUB_BASE and the standard https_proxy) and writes under ~/.openclaw; both are reasonable for this tool. The registry metadata lists no required envs, while the SKILL.md and code rely on optional environment settings; this is not dangerous but should be noted.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It creates and writes files under ~/.openclaw only (per-agent workspace directories and .source.json), which is consistent with its purpose and not an elevated system privilege.
What to consider before installing
This tool mostly does what it says: it downloads SKILL.md files and stores them under ~/.openclaw workspaces. Before installing or importing skills, consider:
1) Verify sources: prefer official hub URLs and inspect downloaded SKILL.md files before enabling or executing them, because the installer saves files verbatim.
2) The code claims SSRF protection, but the hostname check only blocks literal IP addresses; it does not resolve hostnames to detect one that points at a private or loopback address, so the SSRF protection is weaker than advertised. Treat custom URLs cautiously and consider restricting network egress.
3) The script computes and stores a SHA256-derived checksum but does not verify files against a known trusted signature; the checksum is informational, not an authenticity check.
4) SKILL.md mentions XXE/RSS protections, but there is no RSS parsing code in the installer, so that claim is misleading.
5) If you will use this in a sensitive environment: (a) audit the script locally, (b) run it in a restricted environment or container, (c) restrict which domains it may fetch from (an allowlist), and (d) review any installed SKILL.md before enabling the skill.
These gaps make the package suspicious but not outright malicious; the issues could be sloppy implementation or overpromising documentation rather than intentional misdirection.
Like a lobster shell, security has layers — review code before you run it.
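Points 2, 3 and 5(c) above describe a fetch gate the installer does not have. The following is an added example written for this page, not the skill's own code: `literal_ip_only_check` is a reconstruction of the weak pattern the scan describes (it rejects only an IP literal in the host part), while `check_url` shows the hardened form (https only, host on an allowlist, every resolved address checked for private/loopback/link-local ranges, and the resolved IP returned so the caller can pin the connection to it and defeat DNS rebinding between check and fetch). `verify_pinned_digest` shows the one way a SHA256 becomes an integrity check: the expected digest must come from somewhere the download cannot influence. The hostnames, addresses, `TRUSTED_HOSTS` and the `fake_resolver` lookup table are constructed for offline demonstration and are not from the page.

```python
"""Hardened fetch gate for a SKILL.md installer (added example, not the skill's code)."""
import hashlib
import ipaddress
import socket
from typing import Callable, Iterable, List, Tuple
from urllib.parse import urlparse

Resolver = Callable[[str], List[str]]

# Hypothetical allowlist of hub hosts; the real installer's defaults are not on the page.
TRUSTED_HOSTS = frozenset({"hub.example.test"})


def system_resolver(hostname: str) -> List[str]:
    """Real DNS lookup (A and AAAA records) via getaddrinfo."""
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})


def address_is_internal(ip: str) -> bool:
    """True for loopback, private, link-local, CGNAT, reserved, unspecified and
    multicast addresses, i.e. anything that is not a routable unicast host."""
    addr = ipaddress.ip_address(ip)
    return (not addr.is_global) or addr.is_multicast


def literal_ip_only_check(url: str) -> bool:
    """Reconstruction of the weak pattern the scan describes: only a *literal*
    internal IP in the host part is rejected. 'localhost' or a hostname that
    resolves to 10.0.0.5 is accepted because it is not an IP literal."""
    host = urlparse(url).hostname or ""
    try:
        return not address_is_internal(host)
    except ValueError:  # not an IP literal, so the weak check lets it through
        return True


def check_url(url: str,
              allowlist: Iterable[str] = TRUSTED_HOSTS,
              resolve: Resolver = system_resolver) -> Tuple[bool, str]:
    """Hardened gate: https only, host on the allowlist, and every address the
    host resolves to must be routable. On success the detail string is the IP
    to pin the connection to, so a DNS rebind between this check and the fetch
    cannot swap in an internal host."""
    parts = urlparse(url)
    if parts.scheme != "https":
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    if host not in set(allowlist):
        return False, f"host {host!r} not on allowlist"
    try:
        addrs = resolve(host)
    except socket.gaierror as exc:
        return False, f"resolution failed: {exc}"
    if not addrs:
        return False, f"{host!r} has no addresses"
    for ip in addrs:
        if address_is_internal(ip):
            return False, f"{host!r} resolves to internal address {ip}"
    return True, addrs[0]


def verify_pinned_digest(content: bytes, expected_sha256_hex: str) -> bool:
    """A SHA256 is an integrity check only when the expected digest comes from
    somewhere the attacker does not control (e.g. pinned in local config).
    A digest computed from the downloaded bytes themselves proves nothing."""
    return hashlib.sha256(content).hexdigest() == expected_sha256_hex.lower()


# Constructed resolver for offline demonstration: names and addresses are made up.
FAKE_DNS = {
    "hub.example.test": ["1.2.3.4"],
    "rebind.example.test": ["1.2.3.4", "10.0.0.5"],  # one public, one internal
    "loopback.example.test": ["127.0.0.1"],
}


def fake_resolver(hostname: str) -> List[str]:
    if hostname not in FAKE_DNS:
        raise socket.gaierror(f"no such host: {hostname}")
    return FAKE_DNS[hostname]


if __name__ == "__main__":
    demo_allow = FAKE_DNS.keys()
    for u in ("https://hub.example.test/skills/x/SKILL.md",
              "https://rebind.example.test/SKILL.md",
              "https://loopback.example.test/SKILL.md",
              "https://10.0.0.5/SKILL.md"):
        print(u)
        print("  weak check accepts:", literal_ip_only_check(u))
        print("  hardened check:    ", check_url(u, demo_allow, fake_resolver))
```

Note that checking resolved addresses is still a point-in-time answer; the value `check_url` returns is meant to be the address you actually connect to (with the hostname supplied for TLS SNI and certificate validation), otherwise a rebinding resolver can still redirect the real fetch.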
latest: vk970mx9pd3mm936apnak0tcgas83h6b5
