{ "trust": { "tier": "Dangerous", "emoji": "🔴", "description": "Multiple critical issues — do not install without thorough manual review", "score": 20 }, "format": "skill", "skill": { "name": "OpenClaw Setup", "description": "This skill should be used when the user asks to \"install OpenClaw\", \"setup OpenClaw\", \"configure OpenClaw\", \"start OpenClaw gateway\", \"部署 OpenClaw\", or needs help with OpenClaw installation, configuration, and initial setup on Windows/macOS/Linux systems. By ModelWise team.", "version": "1.0.0", "slug": "modelwise-openclaw-setup" }, "scores": { "security": 0, "transparency": 6, "maintenance": 9, "overall": 2 }, "permissions": { "summary": "No declared permissions — minimal attack surface.", "environmentVariables": [], "binaries": [], "envVarCount": 0, "requiredBinCount": 0 }, "compoundThreats": [ { "id": "credential_theft", "severity": "high", "description": "Accesses credentials AND sends data externally — potential credential theft", "capabilities": [ "credential_access", "network_out" ], "owasp": [ "LLM02" ], "owaspAsi": [ "ASI03" ] } ], "permissionIntegrity": [ { "type": "undeclared_capability", "severity": "high", "description": "Makes network requests but does not declare curl/wget in required binaries", "declared": [], "actual": "network_out", "owasp": [ "LLM06" ], "owaspAsi": [ "ASI02" ] }, { "type": "undeclared_capability", "severity": "high", "description": "Code accesses API keys/tokens but declares no environment variables", "actual": "credential_access", "owasp": [ "LLM06" ], "owaspAsi": [ "ASI02" ] }, { "type": "opaque_dependency", "severity": "medium", "description": "Installs packages at runtime — transitive dependencies are not auditable", "actual": "package_install", "owasp": [ "LLM03" ], "owaspAsi": [ "ASI04" ] } ], "capabilities": [ "network_out", "package_install", "credential_access" ], "findings": [ { "severity": "critical", "category": "shell_injection", "description": "Pipe-to-shell pattern (curl | sh) — supply chain attack vector", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "high", "category": "filesystem", "description": "Accesses shell history/config", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "~/.zshrc", "owasp": [ "LLM06" ], "owaspAsi": [ "ASI02" ], "confidence": "pattern" }, { "severity": "critical", "category": "shell_injection", "description": "Pipe to bash — executes piped content as shell commands", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "| bash", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "high", "category": "filesystem", "description": "Accesses OpenClaw config/secrets directly", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "~/.openclaw/openclaw.json", "owasp": [ "LLM06" ], "owaspAsi": [ "ASI02" ], "confidence": "pattern" }, { "severity": "critical", "category": "credentials", "description": "Possible hardcoded credential", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "Token: \"YOUR_BOT_TOKEN", "owasp": [ "LLM02" ], "owaspAsi": [ "ASI03" ], "confidence": "pattern" }, { "severity": "high", "category": "agent_manipulation", "description": "Downloads executables from external URLs", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "install from https://", "owasp": [ "LLM01", "LLM03", "LLM06" ], "owaspAsi": [ "ASI01", "ASI04", "ASI06" ], "confidence": "pattern" }, { "severity": "high", "category": "shell_injection", "description": "References sudo — requests elevated privileges", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "sudo", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "medium", "category": "shell_injection", "description": "Changes file ownership", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "chown ", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "critical", "category": "shell_injection", "description": "Recursive delete from root or home — destructive command", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "rm -rf ~", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "medium", "category": "network", "description": "Opens WebSocket connection", "zone": "code", "zoneContext": "instruction", "file": "references/configuration-reference.md", "downgraded": false, "sample": "WebSocket", "owasp": [ "LLM02", "LLM06" ], "owaspAsi": [ "ASI03", "ASI07" ], "confidence": "pattern" }, { "severity": "high", "category": "network", "description": "HTTP request to bare IP address — common in malicious payloads", "zone": "code", "zoneContext": "instruction", "file": "references/configuration-reference.md", "downgraded": false, "sample": "http://127.0.0.1", "owasp": [ "LLM02", "LLM06" ], "owaspAsi": [ "ASI03", "ASI07" ], "confidence": "pattern" } ], "summary": { "total": 11, "critical": 4, "high": 5, "medium": 2, "low": 0, "compoundThreats": 1, "integrityIssues": 3 }, "trustSignals": { "positive": [ { "signal": "versioned", "positive": true, "detail": "Version 1.0.0" }, { "signal": "described", "positive": true, "detail": "Has meaningful description" }, { "signal": "documented", "positive": true, "detail": "SKILL.md has substantial documentation" } ], "negative": [ { "signal": "undeclared_env", "positive": false, "detail": "Uses credentials in code but declares no env vars" }, { "signal": "opaque_deps", "positive": false, "detail": "Installs packages at runtime — transitive dependencies are unauditable" } ] }, "files": { "hasExecutableCode": true, "executableFiles": [ "publish.sh", "scripts/check-installation.sh" ], "totalFiles": 7 }, "humanSummary": "OpenClaw Setup scores 20/100 (Dangerous). It declares no permissions. 2 undeclared capabilities detected — the skill does more than its permissions suggest. 4 critical pattern matches in code.", "auditedAt": "2026-04-23T03:40:05.764Z", "vtEnrichment": { "checked": 3, "flagged": 0, "urls": [ { "url": "https://api.anthropic.com", "malicious": 0, "suspicious": 0, "engines": 91, "cached": true }, { "url": "https://ark.cn-beijing.volces.com/api/coding/v3", "malicious": 0, "suspicious": 0, "engines": 95, "cached": true }, { "url": "https://api.openai.com/v1", "malicious": 0, "suspicious": 0, "engines": 91, "cached": true } ] } }