ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Proactive Trigger

v0.4.0

主动触发引擎v4:基于兴趣衰减、沉默检测、话题热度,决定何时进行主动干预。触发条件:用户沉默、兴趣衰减、主动干预时机成熟。

0· 51·0 current·0 all-time
byLouis Z.@zhaoguoqiang-hub·duplicate of @zhaoguoqiang-hub/value-aware-guard
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the code: it implements a proactive trigger/decision engine (topic heat, silence index, cooldowns, signal handling). It reasonably reads/writes local state and integrates with an optional 'openclaw' CLI; no unrelated cloud credentials or external services are requested.
!
Instruction Scope
SKILL.md is minimal (CLI invocation examples) and does not fully call out that the skill will read/write persistent state under ~/.openclaw/workspace/.soul, append logs and signal files, and may invoke an external CLI. The runtime code will process arbitrary 'signals' (payloads) and use those values when building commands for execSync, which could lead to command injection if inputs are malicious or untrusted.
Install Mechanism
No install spec provided (instruction-only in registry), but a package.json and package-lock.json are included — the module expects npm dependencies (date-fns, commander, chalk). There are no remote downloads or obscure URLs; typical npm install from registry is expected. The lack of an explicit install step in SKILL.md is a minor mismatch (user is advised in test script to run npm install).
Credentials
The skill requests no env vars or credentials. It does rely on process.env.HOME to determine workspace (defaults to /tmp if unset) and intentionally reads/writes files under ~/.openclaw/workspace/.soul and logs. That is proportional for a local stateful trigger engine, but users should be aware of the filesystem footprint and location.
!
Persistence & Privilege
The skill persists state and logs under the user's HOME and registers periodic behavior via config (processSignalsOnStartup, signalProcessingInterval). always:false (good). However, because it can execute the external 'openclaw' CLI via execSync and constructs shell commands by interpolating parameter values, combined with autonomous invocation allowed by the platform, there is a non-trivial blast radius if malicious inputs reach the CLI invocation path.
What to consider before installing
What to check before installing: - Understand where it writes: it stores state, signals and logs at ~/.openclaw/workspace/.soul (or /tmp fallback). If you want to limit exposure, run it in a sandbox or container and inspect that directory. - Review the code paths that call external commands: openclaw-tool calls execSync with interpolated parameters. If an openclaw CLI is present, untrusted signal payloads could lead to shell injection. Consider removing/locking out the OpenClaw CLI or running with limited privileges. - If you will run npm install, prefer doing so in an isolated environment and review package.json. The dependencies are standard (date-fns, commander, chalk) and there are no external download URLs. - Audit where signals originate in your agent/system. If external/untrusted sources can create signals or payload fields, make sure to sanitize them or disable CLI invocation (check openclaw-tools.js callTool) before enabling automatic processing. - Run the included tests (npm test) in a safe environment, inspect generated files, and consider setting processSignalsOnStartup=false in the config until you’re confident about behavior. If you need, I can point to the exact lines that create the command-injection risk and suggest concrete code fixes (use child_process.spawn with argument array, or strictly validate/escape inputs).
scripts/openclaw-tools.js:20
Shell command execution detected (child_process).
scripts/utils/openclaw-tools.js:20
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk979e9p4dad22mqkddepjxajss842ajx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments