ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

复制学习别人养好的 OpenClaw

v1.0.0

Clone and learn from a well-trained OpenClaw instance. Use when: (1) User wants to copy someone else's OpenClaw configuration, (2) User wants to learn from a...

0· 81·0 current·0 all-time
byAche@zhmza
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (clone & learn OpenClaw) align with behavior: the SKILL.md and clone-learn.sh focus on importing backups, copying skills/experts/memory, creating expert profiles, and invoking skillhub/openclaw where appropriate. Required capabilities (file copy, tar, git/scp, skillhub, openclaw restart) match the stated tasks.
Instruction Scope
Instructions and the script perform direct filesystem changes under ~/.openclaw, extract tar.gz backups, and optionally run git clone/scp and skillhub install. These are consistent with cloning/migration but do grant broad read/write access to the OpenClaw workspace and can overwrite configs—user consent and backups are recommended. The SKILL.md does not instruct reading unrelated system files or exfiltrating data.
Install Mechanism
This is an instruction-only skill with an included shell script; there is no packaged install spec or remote arbitrary download step. The script invokes common system tools (tar, cp, git) but does not itself download and execute arbitrary archives from non-standard endpoints.
Credentials
The skill declares no required environment variables or credentials. The runtime uses network tools (git, scp) and calls skillhub/openclaw if present, which is proportional to importing remote backups and installing skills. No unrelated credentials or config paths are requested.
Persistence & Privilege
always is false and the skill does not request permanent platform-level privileges. It writes only to the user's ~/.openclaw workspace and creates backups for SOUL.md/MEMORY.md. It does not modify other skills' configs beyond copying files into workspace directories (expected for migration).
Assessment
This skill is coherent with its stated purpose, but it performs file writes and may overwrite your OpenClaw workspace. Before using: 1) make full backups of ~/.openclaw (especially SOUL.md and MEMORY.md); 2) only import backups or remote repos from trusted sources; 3) inspect any skills you import (they may call external services or run code when installed); 4) prefer selective import rather than blind copy and run in a test environment first; 5) be cautious when enabling non-interactive installs (skillhub install) or running the 'stealth-browser' or similarly named skills which may have additional network behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e4faqjejkk0qj3qbtvtad9583vw03

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments