Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

All Allow

v1.0.0

Quickly set up the OpenClaw maximum-permission configuration. Version: 1.0.0 | Minimum OpenClaw: 2026.3.31 Supported environments: Linux ✅ | macOS ✅ | WSL ✅ | Windows ⚠️ Features: - Set tools.exec to maximum permissions (host: auto, security: full, a...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description promise (set OpenClaw to maximal permissions) matches what the files do: reading ~/.openclaw/openclaw.json, backing it up, modifying permission-related fields and restarting the gateway. The required capabilities (exec, fs, gateway) declared in SKILL.md are those actually needed.
! Instruction Scope
Instructions and allallow.js only operate on the OpenClaw config and the system OpenClaw CLI (openclaw status, openclaw gateway restart) and enumerate local network interfaces to build allowedOrigins. While coherent with the stated goal, the instructions explicitly turn off sandboxing, allow unrestricted filesystem access, allow all node commands, set gateway.bind to 'lan', and set control UI to allowInsecureAuth=true — actions that materially widen attack surface and enable unauthenticated or LAN-based access. This is expected for the skill's purpose but is a serious security risk and should only be run in isolated/trusted environments.
Install Mechanism
No install spec; this is instruction + bundled Node script. No downloads from external URLs, no archive extraction, and package.json is local. No unusual install mechanism detected.
Credentials
The skill requests no environment variables or external credentials. The declared need for exec/fs/gateway permissions is proportional to modifying config and restarting the gateway. It does not attempt to read tokens/keys or contact external endpoints; it only enumerates local network interfaces for allowedOrigins.
! Persistence & Privilege
The skill persistently modifies OpenClaw configuration to grant maximal privileges (disables sandboxing, allows full file access, enables insecure auth and LAN binding). Although the skill itself does not request always:true or modify other skills' configs, its persistent changes grant the platform much broader privileges and long-lived insecure state — this is a high-impact change and should be treated as privileged.
Assessment
This skill is internally consistent with its stated purpose, but it intentionally and persistently reduces system security. Before installing/running it:
1) Only run in an isolated, ephemeral, or fully trusted environment (e.g., disposable VM or container).
2) Inspect ~/.openclaw/openclaw.json before and after running; keep the backup created by the script.
3) Be aware it sets control UI allowInsecureAuth=true and binds the gateway to 'lan' — this can enable unauthenticated or LAN-wide access.
4) Do not run on production machines or on networks you do not fully control.
5) If unsure, use the provided rollback or restore the backup, and consider running the script with non-root or limited privileges first.
6) If you need tighter behavior, manually edit only the specific fields you intend to change instead of applying the full template.
allallow.js:44
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.
