Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Marketplace
v0.1.0Agent Marketplace enables skill discovery, rating, version control, dependency management, and installation with conflict detection and rollback support.
⭐ 0· 35·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (Agent Marketplace) align with the code and SKILL.md. The modules implement catalog, registry access, search, rating, installation, dependency resolution and rollback — all expected for a marketplace. No surprising credentials, binaries, or unrelated capabilities are requested.
Instruction Scope
SKILL.md instructs normal marketplace usage (search, getSkill, install, rate). Runtime behavior (from the code) includes remote registry requests, caching, writing a local cache and writing installed skill files (package.json, index.js if provided) into installDir and cache directories. The instructions do not ask for unrelated files or secrets, but the installer will fetch and persist remote code which broadens the agent's runtime scope (network I/O + filesystem writes).
Install Mechanism
This skill is instruction-only (no platform-level install spec). The code performs HTTP(S) requests to the configured registry (default https://clawhub.com/registry) and may download arbitrary package blobs via skill.downloadUrl. Fetched responses are cached and written to disk. This is expected for a marketplace, but fetching arbitrary URLs and writing code to disk is a higher-risk action if the registry or download URLs are untrusted.
Credentials
The skill declares no required environment variables, credentials, or config paths. Code stores local data under configurable directories (dataDir/cacheDir, installDir, backupDir) and records user preferences/ratings; it does not request external tokens. The lack of secret requirements is proportionate to the described functionality.
Persistence & Privilege
always is false and model invocation is allowed (default). The skill persists only under its own directories (.marketplace-cache, installDir './skills' by default) and manages its own installed/history files. It does not modify other skills' configurations or request system-wide privileges in the codebase provided.
Assessment
This package appears to implement a legitimate agent marketplace, but it will reach out to a remote registry and can download and write code to your filesystem (default installDir './skills' and cache './.marketplace-cache'). Before installing or running it: 1) Verify and trust the registry URL (change it from the default if necessary). 2) Run it in an isolated environment or container and set installDir/dataDir to a folder with limited privileges. 3) Review any downloaded skill code before executing it — the installer writes package.json and index.js files (or arbitrary blobs fetched from skill.downloadUrl). 4) If you operate in a sensitive environment, prefer a private/local registry and enable auditing of cached/install files. 5) Note there are no requested credentials, so no secrets appear to be exfiltrated by default; however, a compromised registry or malicious downloadUrl could deliver harmful code — treat remote sources as untrusted unless you control or verify them.src/registry.js:30
File read combined with network send (possible exfiltration).
src/search.js:29
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.Like a lobster shell, security has layers — review code before you run it.
latestvk97fbsmrj0z74nph024er5cz3583z4hy
License
MIT-0
Free to use, modify, and redistribute. No attribution required.