Skills in ClawSec catalog flagged as suspicious/malicious by ClawHub scanner

[opensaysmeclaw-afk]

Description:

We installed the ClawSec suite and attempted to install additional recommended skills from the catalog. Two skills triggered ClawHub's security scanner warnings:

1. clawsec-scanner (v0.0.2) — Blocked as malware (cannot install even with --force)
2. clawsec-clawhub-checker (v0.0.1) — Flagged as suspicious (requires --force to install)

Both skills are listed in the official catalog at https://clawsec.prompt.security/skills/index.json with trust: null.

ClawHub installation output:

npx clawhub@latest install clawsec-scanner
✖ Blocked: clawsec-scanner is flagged as malicious
Error: This skill has been flagged as malware and cannot be installed.

npx clawhub@latest install clawsec-clawhub-checker
⚠️  Warning: "clawsec-clawhub-checker" is flagged as suspicious by VirusTotal Code Insight.
This skill may contain risky patterns (crypto keys, external APIs, eval, etc.)
Review the skill code before use.
Error: Use --force to install suspicious skills in non-interactive mode

Static analysis of clawsec-clawhub-checker:

We manually reviewed the code after forced installation. Key findings:

• Uses spawnSync extensively (to run clawhub inspect, test installs)
• Performs file operations (fs.copyFile, fs.writeFile, fs.readFile)
• Patches the suite's hook handler by string manipulation
• No eval(), no hardcoded credentials, no direct network calls, no base64 obfuscation
• All behavior is consistent with documented purpose (reputation checker)

The code appears legitimate, but the process-spawning and file-modification patterns likely trigger VirusTotal heuristics.

Concern:

1. clawsec-scanner is completely blocked — is this a false positive or a real compromise?
2. clawsec-clawhub-checker requires force; are we exposing ourselves by installing it?
3. Why does the ClawSec catalog recommend skills that fail ClawHub's security scans?
4. Are there plans to update these skills to avoid scanner flags?

Question for maintainers:

• Can you confirm whether these skills are safe to use?
• Have you run them through VirusTotal Code Insight? What are the results?
• Should we avoid clawsec-scanner entirely until resolved?
• Is clawsec-clawhub-checker trustworthy despite the suspicious flag?

This is urgent because users installing ClawSec protections are being blocked from recommended components, potentially undermining the security posture you're providing.

[davida-ps]

Hi!
Thank you for trying out clawsec suite!

1st thing about clawsec-scanner - it has very disturbing payloads for static scanners. - since it's a security tool, often we need to add exclusions and this is such case. use the scanner with caution and customize it to your agentic workflow before just deploying it!

clawsec-clawhub-checker - was actually supplemented by a PR to the clawhub api. we will check why it is flagged, it should be safe to run.