by 安全扫描
OpenClaw
可疑
medium confidenceThe skill mostly does what it says (stage, scan, promote), but several claims and safeguards are misleading or incomplete—most notably it is not a true sandbox, it invokes external tooling and network installs, and it fails to declare required binaries/dependencies.
评估建议
This skill appears to implement a staging-and-scan workflow, but several mismatches mean you should be cautious before using it as your safety guard: 1) It is not a true sandbox — the script runs 'clawhub install', which will perform network installs and may execute target skill install/postinstall hooks on your host. Run this in an isolated VM/container if you want protection. 2) The SKILL.md claims 'no network calls' and 'no external dependencies', which is false: ensure the host has and trust...详细分析 ▾
⚠ 用途与能力
Name/description claim a 'sandboxed' installation pipeline and 'no network calls / no external dependencies', but the script calls an external 'clawhub' installer (which will perform network operations and may run package install scripts) and relies on tools like jq/file/grep. The required binaries/environment are not declared, so requested actions are disproportionate to the metadata.
⚠ 指令范围
SKILL.md instructs the agent to run the included shell script which runs 'clawhub install' into a staging dir. That installer can execute a target skill's install/postinstall hooks on the host (not in an isolated container), so the actual runtime behavior can execute arbitrary code outside the intended scan. The script does not create a true sandbox (no chroot/namespace/container), and SKILL.md's 'no network calls' claim is inaccurate.
✓ 安装机制
There is no external install spec for this skill itself (instruction-only with an included script), so nothing is downloaded by the skill at install time. The risk comes from the script invoking external installers (clawhub) at runtime rather than from an installer URL embedded in the skill.
⚠ 凭证需求
The skill declares no required env vars or binaries, yet the script expects OPENCLAW_WORKSPACE (optional), and depends on external binaries (clawhub, jq, file, grep, find, sed, mv, rm, etc.) and on network access. It also provides a --force option to bypass VirusTotal flags which can override upstream protections—this capability is powerful and not justified in the metadata.
ℹ 持久化与权限
always:false and no autonomous-disable flags—normal. The script can move staged skills into the live skills directory (promote) and will replace existing live skills; that is expected for a promote tool but be aware it can overwrite live skills when invoked with --promote. It does not request persistent platform-wide privileges or modify other skills' configs programmatically.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
安装命令
点击复制官方npx clawhub@latest install skill-sandbox
镜像加速npx clawhub@latest install skill-sandbox --registry https://cn.longxiaskill.com