False positive: clawsy flagged as suspicious — v0.9.35 is docs-only (zero executable code) #782
Description
Summary
Our skill clawsy (iret77) was flagged as "suspicious" — we believe this is a false positive caused by the previous version (v0.9.33) which bundled shell scripts and server components. We've now cleaned this up completely.
What changed in v0.9.35
The published package now contains only two Markdown files — zero executable code:
SKILL.md— agent instructions (documentation only)CLAWSY.md— integration guide (documentation only)
All server components (clawsy-bridge.ts, openclaw.plugin.json), install scripts (install.sh, clawsy-pair.sh), and Python code (server.py) have been removed from the published package. They now live exclusively in the GitHub repo and are fetched at install time via documented URLs.
What was removed:
scripts/install.sh— bash script that copied files and modifiedopenclaw.jsonscripts/clawsy-pair.sh— bash pairing helperscripts/server.py— Python websocket serverserver/clawsy-bridge.ts— TypeScript gateway pluginserver/openclaw.plugin.json— plugin manifestrequirements.txt,venv/,.clawsyignore
What remains (v0.9.35):
SKILL.md(16KB, pure Markdown with YAML frontmatter)CLAWSY.md(8KB, pure Markdown)
Why the original flag was likely triggered
The v0.9.33 package contained patterns commonly associated with malicious skills:
- Shell scripts executing
cp,chmod,mkdiron~/.openclaw/directories - Inline Python modifying
openclaw.jsonviajson.load/json.dump openclaw gateway restartexecutionsubprocess.runcalls
All of these were legitimate (installing a gateway plugin for the Clawsy Mac companion app), but indistinguishable from malicious behavior by automated scanning.
Context
- Skill: clawhub.ai/skills/clawsy
- Source repo: github.com/iret77/clawsy (public, MIT licensed)
- What Clawsy is: A native macOS menu bar app that connects OpenClaw agents to a Mac (screenshots, clipboard, camera, file access). Open source.
- Previous issue (wrong repo): ClawHub: Please clear 'suspicious' flag for skill 'clawsy' (iret77) openclaw#43108
Request
Please clear the flagged.suspicious flag for clawsy. The v0.9.35 package contains zero executable code — only documentation files. The VirusTotal rescan of this version should confirm a clean verdict.
Per CHANGELOG entry #418, clean VT rescans should automatically clear stale suspicious flags. If the automated process doesn't trigger, we'd appreciate a manual review.