Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
openclaw-security-patrol
v1.0.8OpenClaw 多模式安全巡检工具:默认本地离线扫描,可选联网威胁情报上报。 功能范围:读取系统敏感信息(MAC 地址、主机名、系统日志、完整 Skill 清单)执行本地安全检测;在本机持久化保存扫描报告与安全基线;可选通过 --push 模式将摘要数据上传至 auth.ctct.cn 获取威胁情报评分(需用户...
⭐ 0· 227·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description state local scanning plus an optional upload to Changeway; the included JS script and SKILL.md implement exactly that. Required binaries/env are minimal and documented as optional (Node.js v18+, optionally openclaw CLI). There are no unexplained credentials or unrelated network endpoints.
Instruction Scope
Instructions direct the agent to run the bundled Node.js script, read system logs, MAC, hostname and the full Skill list, persist reports and baselines, and optionally upload a summary to auth.ctct.cn. Those actions are consistent with a security-audit tool, but the skill explicitly reads the installed Skill list and prepares cron configuration via openclaw cron (including an openclaw cron message that will be delivered via OpenClaw infrastructure). The cron/message workflow and the Skill-list collection are privacy-sensitive and worth extra attention.
Install Mechanism
No remote downloads or installers are used. This is instruction-plus-local-script only (the JS and reference files are bundled). No extract-from-URL or third-party package installs are present.
Credentials
The skill requests no external credentials, which matches metadata, but it legitimately collects and persists sensitive device-level data: MAC address, hostname, system logs, a persistent agent_id file (~/.openclaw/.agent-id), and the complete Skill list (including author/owner IDs). Uploading those items to auth.ctct.cn occurs only in --push mode with required explicit consent, but the presence of a persistent agent_id and the Skill list makes this high-privacy-impact even if no API keys are requested.
Persistence & Privilege
The skill persists report files, baselines, and a stable agent_id in ~/.openclaw — behavior documented in SKILL.md. It does not request 'always: true' nor attempt to modify other skills, but the ability to register a cron job (via openclaw cron) and the persistent agent_id increase long-term privacy/telemetry implications if the user enables --push or misconfigures cron.
Assessment
This skill appears to do what it says, but it legitimately reads and persists sensitive host data even in default 'local' mode (MAC, hostname, system logs, full Skill list) and will generate a persistent agent_id if you ever choose --push. Before installing or using: 1) If you care about privacy, run only local mode and do NOT use --push. 2) Do not put --push into any automated cron; the SKILL.md forbids that — follow it. 3) Inspect the bundled script and verify the @integrity SHA-256 hash before running. 4) If you enable cron, review the openclaw cron message content and channel/recipient settings to avoid accidental leakage. 5) Consider running this tool in an isolated/test environment first (or on a non-production host) to confirm outputs and ensure no unexpected data leaves your machine.scripts/openclaw-hybrid-audit-changeway.js:165
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk977mhnf7zxnypcfk1cz3t6x6h838drw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.