Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ClawShow-Gateway-Connect
v1.0.4
Install and activate @bowong/clawshow-gateway in OpenClaw, then migrate existing Gateway channel configuration to ClawShow with rollback safety. Use when a u...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description, declared primary credential (CLAWSHOW_AUTH_TOKEN), and required binary (openclaw) align with a plugin install + config migration task. However, the runtime instructions require running `npm i ws` (a Node package install) even though the skill metadata does not declare npm or any Node-related dependency; this is unexpected given the stated purpose and should be justified.
Instruction Scope
Instructions are detailed and mostly scoped to the OpenClaw project config and OpenClaw RPCs (version check, plugin install, config.get/config.apply). Guardrails explicitly ban reading .env/secrets and discourage outbound test traffic. Two scope issues: (1) the step to install `ws` modifies the local project root (writes to disk) which is outside purely invoking OpenClaw, and (2) selecting 'the file currently used by the running Gateway process' requires the agent to inspect process state to choose the correct file — the mechanism for that is not specified and could lead to extra file reads.
Install Mechanism
This is an instruction-only skill with no install spec, which is low risk in itself, but it explicitly tells the agent to run `npm i ws` in the project root. That command downloads and writes third‑party code from the npm registry and can run lifecycle scripts; the metadata does not declare npm as a required binary or justify why the package is needed. The lack of an install spec plus an ad-hoc dependency install is disproportionate and increases risk.
Credentials
Only the CLAWSHOW_AUTH_TOKEN is declared as the primary credential and the SKILL.md asks for an authToken input consistent with that. The instructions explicitly forbid reading secret files or exfiltrating secrets. No unrelated credentials or config paths are requested.
Persistence & Privilege
Skill is not always-enabled and does not request system-wide persistence. It does instruct the agent to apply a full-replace config via `config.apply`, which is powerful but consistent with the migration purpose. No modifications to other skills' configurations or permanent privileges are requested.
What to consider before installing
This skill appears to do what it says (install @bowong/clawshow-gateway and migrate OpenClaw channel config) and only requests the expected CLAWSHOW_AUTH_TOKEN. However, it instructs the agent to run `npm i ws` in the project root despite not declaring npm in its metadata — that will download and write third-party code into your workspace and may run package lifecycle scripts. Before installing/running this skill: (1) confirm why `ws` is needed and prefer running that step manually in a controlled environment or a disposable/staging workspace; (2) verify the source and trustworthiness of the `@bowong/clawshow-gateway` plugin separately; (3) ensure you keep and test the backup produced by the skill (it instructs to create one) and consider running the migration on a staging device first; (4) be aware `config.apply` performs a full-replace — review the generated JSON5 thoroughly before applying. If the author can justify the npm step, or the skill is updated to declare npm as a required binary and explain the dependency, the concerns would be reduced.
Like a lobster shell, security has layers — review code before you run it.
latest vk97cn12p0yf8c82s873b2e4tw58367m6
Runtime requirements
Bins: openclaw
Primary env: CLAWSHOW_AUTH_TOKEN
