ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Docs Feeder

v1.0.0

Automatically fetches comprehensive project documentation from built-in registries or URLs to assist AI agents in debugging and learning.

0· 630·1 current·1 all-time
by@zerone0x
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description (fetch project docs) align with the code's main behavior (fetching /llms*.txt, fallback to GitHub README). However the bundled registry includes a 'local' entry (/usr/lib/node_modules/clawdbot/docs) and the code supports reading arbitrary local paths defined in the registry. Reading local files is not obviously necessary for a general 'docs feeder' unless the user explicitly configures local docs; bundling such a path in the registry is unexpected and broadens the skill's capability.
!
Instruction Scope
SKILL.md documents registry/local entries and usage, but runtime instructions and the code will: fetch any URL you pass (or guess patterns), follow redirects, and read local filesystem paths listed in docs-registry.json. That means an agent invoking this skill can request internal URLs (e.g., 169.254.169.254 or intranet hosts) or cause the skill to read local files if a registry entry points at them — both are outside the narrow notion of 'public documentation fetching' and can expose sensitive data.
Install Mechanism
This is an instruction-only skill with bundled scripts (no install spec). Nothing is downloaded at install time and no external installers are invoked. The risk surface comes from the scripts themselves, not from install-time downloads.
Credentials
The skill requests no environment variables or credentials (proportionate). However, it can access local paths (via registry.local) and arbitrary network endpoints provided by the user/agent — this is an implicit capability that doesn't require credentials but may access sensitive system metadata or internal services.
Persistence & Privilege
always is false and the skill does not modify other skills or system-wide agent settings. It writes only when the user passes --save (to /tmp) or if registry contains local paths; otherwise it outputs results to stdout. Autonomous invocation is allowed by default (platform default) — factor this in with the other concerns.
What to consider before installing
This skill will fetch documentation from arbitrary URLs and can read local file paths if they appear in docs-registry.json. Before installing or invoking it: 1) Inspect and remove any 'local' entries in docs-registry.json (for example the included /usr/lib/... path) so the skill cannot read host files you don't expect. 2) Treat it as untrusted network code: avoid letting it run autonomously in environments with access to internal networks or cloud instance metadata (it will try any URL you pass or guess common patterns). 3) If you must use it, require explicit user invocation only and run it in a sandboxed agent executor with restricted network access. 4) Do not pass internal IPs/hostnames or sensitive internal URLs as arguments. If you want to be safer, prefer fetching docs manually (or whitelist specific domains) and avoid the automatic URL-guessing behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk97csxrsgr27sq6nkv5rh5rmy181evkq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments