Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Clawsec.Bak
v1.0.0Manage and interpret ClawSec Monitor v3.0, a proxy that inspects AI agent HTTP/HTTPS traffic, detects threats, and logs suspicious activity in real time.
⭐ 0· 56·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The SKILL.md claims to manage a local ClawSec Monitor proxy (start/stop, inspect threats, install a CA, run Docker), which is coherent with the description. However the skill bundle contains no code, no Docker files, and no homepage or source link — yet the instructions assume the presence of files like clawsec-monitor.py, Dockerfile.clawsec, and requirements.clawsec.txt. Required runtime tools (python3, docker, update-ca-certificates, sudo) are not declared. The absence of the referenced artifacts and provenance is an incoherence: the skill either expects the user to already have an external project installed, or it omits required files/metadata.
Instruction Scope
The instructions explicitly direct the agent/user to perform a full HTTPS MITM (generate a CA, install it into system trust stores, route HTTP(S)_PROXY env vars) and to inspect all agent traffic, including sensitive headers and payloads (API keys, private keys). That behavior is consistent with the stated purpose but is high-privilege and sensitive: installing a system-trusted CA affects all TLS on the machine and lets the proxy see secrets. The SKILL.md does not limit scope nor include safety/privacy guidance beyond logging and dedup rules. Also, the instructions assume running local scripts (python3 clawsec-monitor.py) which are absent from the package — the agent following these literal instructions would fail or try to fetch code from elsewhere (not specified).
Install Mechanism
There is no install spec (instruction-only), reducing the risk from automatic code installation. However the SKILL.md references building/running Docker Compose and installing Python dependencies (cryptography>=42.0.0) and expects filesystem artifacts. Because nothing is provided and no trusted download URLs or source repository are given, a user would need to obtain and run external code manually; that creates a provenance gap and increases risk if the user fetches unknown binaries from untrusted sources.
Credentials
The skill declares no required environment variables or credentials, but the runtime instructions instruct users to set HTTP_PROXY/HTTPS_PROXY and various CA-related env vars (REQUESTS_CA_BUNDLE, SSL_CERT_FILE, NODE_EXTRA_CA_CERTS, CURL_CA_BUNDLE). Those proxy/CA env vars are reasonable for a proxy, but the skill does not declare or document required binaries (python3, docker) nor the need for root/sudo to install a CA. The detection patterns include very sensitive matches (API keys, SSH/private keys, /etc files) — appropriate for a monitor but meaning the tool will see high-value secrets. There is no justification or guidance about data retention, secure handling of logs, or limiting collection, and no credentials are declared which might be expected for centralized logging or telemetry (but none are present).
Persistence & Privilege
The skill does not request 'always:true' and is user-invocable, which is normal. However the operational instructions require creating a local CA and (optionally) adding it to system trust stores, which is a persistent, system-wide change requiring administrative privilege. The skill also writes logs to /tmp/clawsec and suggests a persistent Docker volume. Those are sensible for the described monitor, but they are privileged actions that the package metadata does not surface — another provenance/privilege mismatch to be aware of.
What to consider before installing
This skill's documentation describes a full HTTPS MITM proxy that will intercept and log sensitive traffic (API keys, private keys, credentials). However the skill bundle contains no code, no Dockerfiles, and no source/homepage: you would need to obtain the ClawSec Monitor software elsewhere before any of these commands work. Before proceeding, verify the origin of the monitor binary/image and its checksums; do not install the CA into your system trust store unless you trust and have audited the code and understand the privacy implications. Prefer running the proxy in an isolated VM or disposable container, review and limit what agents/applications you route through it, and require explicit user approval before making system-trust changes. If the maintainer/link for the actual ClawSec Monitor is provided, request the source repository, build instructions, and integrity signatures and re-run an evaluation including the code.Like a lobster shell, security has layers — review code before you run it.
latestvk97d96wwa29yegckps2vbp6j6s83qb23
License
MIT-0
Free to use, modify, and redistribute. No attribution required.