ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CLI-Hub Skill for CLI-Anything

v1.0.0

Discover agent-native CLIs for professional software. Access the live catalog to find tools for creative workflows, productivity, AI, and more.

0· 496·5 current·5 all-time
byYuhao@yuh-yang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name and description match the SKILL.md: the skill is a catalog/hub for agent-native CLIs and the instructions point to a catalog and a GitHub repository with pip install commands. The requested capabilities (fetch a catalog, install tools) align with the stated purpose.
Instruction Scope
Instructions are focused on fetching a remote catalog (https://hkuds.github.io/CLI-Anything/SKILL.txt) and running pip install commands that pull code from a GitHub repository. The instructions do not ask for unrelated files, environment variables, or credentials. However, they grant the agent discretion to install arbitrary packages referenced in the catalog, which increases runtime risk.
Install Mechanism
There is no registry install spec (instruction-only). The SKILL.md recommends 'pip install git+https://github.com/HKUDS/CLI-Anything.git#subdirectory=<software>/agent-harness' — installing directly from a GitHub repo is traceable and common, but it results in installing and executing third-party code from an external source. This is expected for a catalog-of-CLIs but is a higher-risk action than, e.g., using verified OS packages or pinned releases.
Credentials
The skill declares no required environment variables, credentials, or config paths, and the instructions do not reference secrets. The lack of requested credentials is proportionate to a discovery/cataloging skill.
Persistence & Privilege
Skill flags are default: not always-included, user-invocable, model invocation enabled. There is no indication the skill requests permanent elevated presence or modification of other skills or system-wide configs.
Assessment
This skill is coherent: it points to a catalog and tells the agent how to install CLIs from a GitHub repo. The main risk is that following its instructions will install and run third-party Python packages from GitHub (arbitrary code). Before installing anything discovered via this hub: 1) inspect the catalog (open the SKILL.txt) and review the exact pip install URL (prefer pinned commit hashes or tagged releases rather than raw branches); 2) inspect the target repository/subdirectory contents (setup metadata, entry points); 3) run installations in an isolated environment (virtualenv, container, sandbox) and avoid installing as root; 4) restrict network privileges and secrets while testing; 5) only install CLIs from authors or organizations you trust. If you need higher assurance, ask the skill author for signed releases or package hashes and prefer packages published to vetted package indexes.

Like a lobster shell, security has layers — review code before you run it.

latestvk9703xjvy80mm85p69qmyx9xa583hj0v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments