Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Find Everything

v0.1.0

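Cross-platform resource search orchestrator. Searches for skills, MCP servers, prompt templates, and open-source projects. Covers 14+ aggregator sites, including skills.sh, ClawHub, SkillHub, AI Skills Show, MCPServers.org, prompts.chat, and GitHub. Trigger scenarios: the user says "find an xxx tool", "is there an xx...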

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description describe a search/aggregation tool; SKILL.md, registry.json, and references/ files implement that behavior. Requested capabilities (reading registry.json, running CLIs like gh/npx if available, calling MCP tools, doing websearch/WebFetch) are coherent with a cross-source search aggregator.
Instruction Scope
Instructions include running CLI commands (npx, gh, clawhub) and MCP/tool calls, performing WebFetch of remote repo files, installing packages into a temporary directory for scanning, and optionally modifying registry.json when user confirms. This is expected for a search/installer workflow, but it implies executing arbitrary third‑party code during explicit 'install' flows — user confirmation and review of scan output are relied upon.
Install Mechanism
There is no install spec (instruction-only), and the only included code is a deterministic scanner (scripts/security_scan.py) plus registry and checklist references. No downloads/install hooks are executed automatically by the skill itself; remote installs happen only when the user asks to 'install' a discovered resource (via npx/gh, etc.).
Credentials
The skill declares no required environment variables, credentials, or config paths. The runtime instructions reference checking for local CLIs/tools and using MCP tools available in-session — which is proportionate to the stated functionality.
Persistence & Privilege
always:false and no global privileges requested. The skill does write to its own registry.json when the user approves adding new sources (modifies files within its bundle). It may initiate installs/webfetch on user request — these are expected but carry execution risk that the user should acknowledge.
Scan Findings in Context
[ignore_instructions] expected: Pre-scan flagged 'ignore-previous-instructions' pattern in SKILL.md. The SKILL.md and references/security-checklist explicitly discuss prompt-injection patterns (including that phrase) as part of detection guidance, so this pattern appears to be referenced for defensive scanning rather than an attempt to override the agent.
Assessment
This skill looks internally consistent with its stated purpose, but be aware: (1) it will run local CLIs (gh, npx, clawhub) and MCP tools if available and will perform webfetches of remote repositories; (2) if you ask it to 'install' or to run a deep scan, it may download/install third‑party packages into a temporary directory (which can execute untrusted code) — review the security_scan.py results and the fetched files before proceeding; (3) the skill can modify its own registry.json to add new sources with your confirmation; (4) the SKILL.md references prompt‑injection patterns (flagged by pre-scan) for defensive purposes, but you should still review the skill and consider disabling autonomous invocation or requiring manual confirmation for installs or any operation that runs external code or writes files.
references/security-checklist.md:11
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.
