Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
getskill
v1.0.1用于 OpenClaw 的技能管理工具,支持从 getskill.work 仓库搜索、下载和更新技能文件。提供 CLI 和编程接口,通过 API 搜索技能、通过 Git 克隆仓库、将技能目录复制到 OpenClaw skills 目录,并提供 Git 安装引导。
⭐ 1· 81·0 current·0 all-time
byworkskills@zlei9
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name/description match the runtime instructions (search, git-clone, copy into ~/.openclaw/skills). However the registry metadata lists no required binaries/env vars while SKILL.md explicitly requires Node.js >=12 and Git, so the declared requirements are inconsistent with the documented runtime needs.
Instruction Scope
Instructions tell the agent to clone arbitrary Git repos and copy them into ~/.openclaw/skills (expected for this purpose), but also instruct automatic downloading/installation of Git on Windows (and running installers) without specifying trusted sources. The skill also supports configuring a custom API endpoint (GETSKILL_BASE_URL) — that allows pointing the tool at arbitrary servers which then supply Git URLs to be cloned. Those capabilities expand the attack surface and require user scrutiny.
Install Mechanism
The skill is instruction-only (no install spec), but SKILL.md directs installing an npm package (@workskills/getskill) or pnpm global package. The registry provides no install artifact or source link; installing an external npm package is plausible but the instructions lack integrity checks or provenance (homepage/source repo not provided).
Credentials
Registry metadata declares no required env vars, yet SKILL.md documents and uses GETSKILL_BASE_URL to override API endpoints. The undocumented env var is legitimate for customization, but it is not declared and can be used to redirect API calls to arbitrary hosts — a potential vector for supplying malicious Git repositories.
Persistence & Privilege
The skill does not request always:true and does not claim elevated platform-wide privileges. It will write into the user's home (~/.openclaw/skills and skills-cache) and may run system installers (Git) per instructions — actions within its purpose but requiring permission and user oversight.
What to consider before installing
This skill appears to do what it says (search/clone/copy skills) but has a few red flags you should address before installing: 1) SKILL.md requires Git and Node.js but the package metadata lists none — make sure Git and Node are present and install them yourself from trusted sources rather than letting an automated installer run. 2) The instructions tell you to install an npm package (@workskills/getskill) from an unknown source — review that package's npm page and source code (or prefer installing only from verified publishers). 3) The tool supports a GETSKILL_BASE_URL override that can point to any server; only use endpoints you trust because the server controls which Git repositories the tool will clone into your home directory. 4) If you install, prefer to manually run commands (git clone, inspect repo contents) rather than allowing an automated agent to download and run installers or clone and copy repositories without your manual review. If you want to proceed, verify the npm package and host (getskill.work) provenance and consider running in a sandbox or with limited privileges first.Like a lobster shell, security has layers — review code before you run it.
latestvk97ap743sqx4bvf76s30xwm6sx83ww84
License
MIT-0
Free to use, modify, and redistribute. No attribution required.