whitzard-claw 1.0.0

package/scripts/repair/supply_chain/check_1.sh

@@ -0,0 +1,95 @@
+#!/bin/bash
+# CHECK 1 (origin 1): Known C2 Infrastructure
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "$SCRIPT_DIR/_common.sh"
+
+# Environment vars (set by caller / _common.sh sourced before this):
+#   SKILL_NAME     — if set (auto-fix mode), the skill to remove
+#   AUTO_FIX       — if "1", automatically remove the offending skill
+# Example: AUTO_FIX=1 SKILL_NAME="your-skill-name" ./check_1.sh
+
+# Build C2 pattern
+C2_PATTERN="$(load_ips | tr '\n' '|' | sed 's/|$//' | sed 's/\./\\./g')"
+FOUND_SKILLS=()
+ 
+if [ -d "$SKILLS_DIR" ]; then
+    while IFS= read -r file; do
+        skill_name="$(basename "$(dirname "$file")")"
+        # Deduplicate
+        if [[ ! " ${FOUND_SKILLS[*]} " =~ " ${skill_name} " ]]; then
+            FOUND_SKILLS+=("$skill_name")
+        fi
+    done < <(grep -rlE --exclude-dir="$SELF_DIR_NAME" "$C2_PATTERN" "$SKILLS_DIR" 2>/dev/null || true)
+fi
+
+# Auto-fix
+# if [ "${AUTO_FIX:-0}" = "1" ]; then
+#     TARGET_SKILL="${SKILL_NAME:-${FOUND_SKILLS[0]}}"
+#     log "AUTO-FIX: Removing skill '$TARGET_SKILL'..."
+
+#     if openclaw skill remove "$TARGET_SKILL" >> "$LOG_FILE" 2>&1; then
+#         log "SUCCESS: Skill '$TARGET_SKILL' has been removed."
+#         cat << 'EOF'
+# Auto-fix completed successfully.
+# EOF
+#         exit 0
+#     else
+#         log "ERROR: Failed to remove skill '$TARGET_SKILL'. Please remove it manually:"
+#         log "  openclaw skill remove $TARGET_SKILL"
+#         exit 1
+#     fi
+# fi
+
+if [ "${AUTO_FIX:-0}" = "1" ]; then
+    TARGET_SKILL="${SKILL_NAME}"
+    log "AUTO-FIX: Removing skill '$TARGET_SKILL'..."
+
+    SKILL_PATH="$SKILLS_DIR/$TARGET_SKILL"
+    LOCK_FILE="$WORKSPACE_DIR/.clawhub/lock.json"
+
+    # 删除 skill 目录
+    if rm -rf "$SKILL_PATH"; then
+        log "SUCCESS: Skill directory '$SKILL_PATH' removed."
+    else
+        log "ERROR: Failed to remove '$SKILL_PATH'"
+        exit 1
+    fi
+
+    # 从 lock.json 移除条目
+    if [ -f "$LOCK_FILE" ] && command -v python3 >/dev/null 2>&1; then
+        python3 -c "
+import json, sys
+with open('$LOCK_FILE') as f:
+    data = json.load(f)
+data['skills'] = {k: v for k, v in data['skills'].items() if k != '$TARGET_SKILL'}
+with open('$LOCK_FILE', 'w') as f:
+    json.dump(data, f, indent=2)
+" && log "SUCCESS: Removed '$TARGET_SKILL' from lock.json"
+    fi
+
+    log "SUCCESS: Skill '$TARGET_SKILL' has been removed."
+    exit 0
+fi
+
+# Guidance
+cat << EOF
+RECOMMENDED ACTIONS:
+1. Remove the suspicious skills immediately:
+$(for skill in "${FOUND_SKILLS[@]}"; do echo "   rm -rf ~/.openclaw/workspace/skills/$skill"; done)
+
+2. Review your openclaw logs for any executed commands:
+   tail -100 ~/.openclaw/logs/openclaw.log
+
+3. Check network connections for suspicious activity:
+   netstat -an | grep ESTABLISHED
+
+4. Consider running a full security scan on your system
+
+5. Review where these skills came from and avoid installing from untrusted sources
+
+auto-fix
+$(for skill in "${FOUND_SKILLS[@]}"; do echo "$skill"; done)
+EOF
+
+exit 0

package/scripts/repair/supply_chain/check_10.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+# CHECK 10 (origin 32): MCP Server Security
+# Usage: ./check_10.sh
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "$SCRIPT_DIR/_common.sh"
+MCP_CONFIG="$OPENCLAW_DIR/mcp.json"
+
+# Guidance
+cat << EOF
+RECOMMENDED SECURE MCP CONFIGURATION:
+{
+  "mcpServers": {
+    "trusted-server": {
+      "source": "https://trusted-registry.openclaw.ai/server.json",
+      "enabled": true,
+      "permissions": {
+        "allowedCommands": ["specific-command-1", "specific-command-2"],
+        "allowShellExec": false,
+        "allowFileSystem": "read-only",
+        "allowNetwork": ["api.example.com"]
+      },
+      "sandbox": true,
+      "timeout": 30000
+    }
+  },
+  "enableAllProjectMcpServers": false,
+  "defaultPermissions": {
+    "allowShellExec": false,
+    "allowFileSystem": false,
+    "requireApproval": true
+  }
+}
+
+SECURITY BEST PRACTICES:
+    1. Only enable MCP servers from trusted sources
+    2. Use HTTPS for server sources (never HTTP)
+    3. Grant minimal required permissions (principle of least privilege)
+    4. Set allowShellExec to false unless absolutely necessary
+    5. Use allowedCommands whitelist instead of wildcard permissions
+    6. Enable sandbox mode for untrusted servers
+    7. Set reasonable timeout values
+    8. Regularly audit enabled servers
+    9. Keep mcp.json file permissions at 600
+    10. Never include credentials in mcp.json (use env vars)
+
+PROMPT INJECTION PROTECTION:
+    - Avoid dynamic prompt construction from untrusted input
+    - Validate and sanitize all server responses
+    - Use structured outputs instead of free-form text
+    - Implement rate limiting on MCP server calls
+
+MANUAL REVIEW AND REPAIR REQUIRED:
+    cat ~/.openclaw/mcp.json
+
+Attention: Backup before editing.
+
+EOF
+
+exit 0

package/scripts/repair/supply_chain/check_11.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+# CHECK 11 (origin 5): Crypto Wallet Targeting
+# Usage: ./check_11.sh
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "$SCRIPT_DIR/_common.sh"
+
+CRYPTO_PATTERN='wallet.*private.*key|seed\.phrase|mnemonic|keystore.*decrypt|phantom.*wallet|metamask.*vault|exchange.*api.*key|solana.*keypair|ethereum.*keyfile'
+FOUND_SKILLS=()
+
+if [ -d "$SKILLS_DIR" ]; then
+    while IFS= read -r file; do
+        skill_name="$(basename "$(dirname "$file")")"
+        # Deduplicate
+        if [[ ! " ${FOUND_SKILLS[*]} " =~ " ${skill_name} " ]]; then
+            FOUND_SKILLS+=("$skill_name")
+        fi
+    done < <(grep -rlE --exclude-dir="$SELF_DIR_NAME" "$CRYPTO_PATTERN" "$SKILLS_DIR" 2>/dev/null || true)
+fi
+
+# Guidance
+cat << EOF
+RECOMMENDED ACTIONS:
+1. Remove the malicious skills NOW:
+$(for skill in "${FOUND_SKILLS[@]}"; do echo "   rm -rf ~/.openclaw/workspace/skills/$skill"; done)
+
+2. Secure your cryptocurrency wallets IMMEDIATELY:
+   a) Transfer funds to a NEW wallet with a NEW seed phrase:
+      - Create new wallet with fresh seed phrase
+      - Transfer all assets to the new wallet
+      - Never reuse the old seed phrase
+
+   b) Move to hardware wallet if possible:
+      - Ledger, Trezor, or similar hardware wallets
+      - Much more secure than software wallets
+
+   c) Lock down existing wallet directories:
+       chmod 700 ~/.bitcoin
+       chmod 700 ~/.ethereum
+
+3. Check wallet transaction history:
+   - Look for unauthorized transfers
+   - Check all addresses and balances
+   - Review recent activity logs
+
+4. Enable additional security:
+   - Multi-signature wallets where possible
+   - Strong passphrases on wallet files
+   - Two-factor authentication on exchanges
+
+5. Never store seed phrases digitally:
+   - Write them on paper or metal
+   - Store in a safe or safety deposit box
+   - Never save in files, photos, or cloud storage
+
+6. Monitor for suspicious activity:
+   - Set up alerts for wallet transactions
+   - Regularly check balances
+   - Be alert for phishing attempts
+
+EOF
+
+exit 0

package/scripts/repair/supply_chain/check_12.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+# CHECK 12 (origin 6): Curl-Pipe / Download Attacks
+# Usage: ./check_12.sh
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "$SCRIPT_DIR/_common.sh"
+
+CURL_PATTERN='curl.*\|.*sh|curl.*\|.*bash|wget.*\|.*sh|curl -fsSL.*\||wget -q.*\||curl.*-o.*/tmp/'
+FOUND_SKILLS=()
+
+if [ -d "$SKILLS_DIR" ]; then
+    while IFS= read -r file; do
+        skill_name="$(basename "$(dirname "$file")")"
+        # Deduplicate
+        if [[ ! " ${FOUND_SKILLS[*]} " =~ " ${skill_name} " ]]; then
+            FOUND_SKILLS+=("$skill_name")
+        fi
+    done < <(grep -rlE --exclude-dir="$SELF_DIR_NAME" "$CURL_PATTERN" "$SKILLS_DIR" 2>/dev/null || true)
+fi
+
+# Guidance
+cat << EOF
+RECOMMENDED ACTIONS:
+1. Remove the suspicious skills immediately:
+$(for skill in "${FOUND_SKILLS[@]}"; do echo "   rm -rf ~/.openclaw/workspace/skills/$skill"; done)
+
+2. Review what these skills may have executed:
+   tail -100 ~/.openclaw/logs/openclaw.log
+
+3. Check for suspicious processes or files:
+   ps aux | grep -v grep
+   find /tmp -type f -mtime -1
+   
+EOF
+
+exit 0

package/scripts/repair/supply_chain/check_13.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+# CHECK 13 (origin 8): Skill Integrity Hashes
+# Usage: ./check_13.sh
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "$SCRIPT_DIR/_common.sh"
+
+HASH_FILE="$LOG_DIR/skill-hashes.sha256"
+HASH_FILE_PREV="$LOG_DIR/skill-hashes.sha256.prev"
+FOUND_SKILLS=()
+
+if [ -d "$SKILLS_DIR" ]; then
+    find "$SKILLS_DIR" -name "SKILL.md" -type f -exec shasum -a 256 {} \; > "$HASH_FILE" 2>/dev/null || true
+
+    if [ -f "$HASH_FILE_PREV" ]; then
+        DIFF="$(diff "$HASH_FILE_PREV" "$HASH_FILE" 2>/dev/null || true)"
+        if [ -n "$DIFF" ]; then
+            FOUND_SKILLS+=("Skill files changed since last scan:")
+            while IFS= read -r line; do
+                FOUND_SKILLS+=("$line")
+            done <<< "$DIFF"
+        fi
+    fi
+fi
+
+# Guidance
+cat << EOF
+RECOMMENDED ACTIONS:
+1. Review what changed
+   diff ~/.openclaw/logs/skill-hashes.sha256.prev ~/.openclaw/logs/skill-hashes.sha256
+
+2. For each changed skill, inspect the diff
+   cd ~/.openclaw/workspace/skills/<skill-name>
+   git diff HEAD~1 SKILL.md   # If under version control
+
+3. If change is unexpected, reinstall from ClawHub
+   openclaw skill remove <skill-name>
+   openclaw skill install <skill-name>
+
+4. Enable skill pinning (if supported)
+   openclaw config set skills.autoUpdate false
+EOF
+
+exit 0

package/scripts/repair/supply_chain/check_14.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+# CHECK 14 (origin 9): SKILL.md Shell Injection Patterns
+# Usage: ./check_14.sh
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "$SCRIPT_DIR/_common.sh"
+
+INJECTION_PATTERN='Prerequisites.*install|Prerequisites.*download|Prerequisites.*curl|Prerequisites.*wget|run this command.*terminal|paste.*terminal|copy.*terminal|base64 -d|base64 --decode|eval \$\(|exec \$\(|`curl|`wget|bypass.*safety.*guideline|execute.*without.*asking|ignore.*safety|override.*instruction|without.*user.*awareness'
+FOUND_SKILLS=()
+
+while IFS= read -r skillmd; do
+    [ -z "$skillmd" ] && continue
+    if grep -qiE "$INJECTION_PATTERN" "$skillmd" 2>/dev/null; then
+        FOUND_SKILLS+=("$skillmd")
+    fi
+done < <(find "$SKILLS_DIR" -name "SKILL.md" -type f -not -path "*/$SELF_DIR_NAME/*" 2>/dev/null)
+
+# Guidance
+cat << EOF
+RECOMMENDED ACTIONS:
+1. Review each SKILL.md file listed above:
+$(for skill in "${FOUND_SKILLS[@]}"; do echo "   $skill"; done)
+
+2. Look for suspicious Prerequisites sections that execute commands
+
+3. Check for base64 encoded payloads or eval statements
+
+4. Remove the entire skill directory if confirmed malicious:
+$(for skill in "${FOUND_SKILLS[@]}"; do echo "   rm -rf $(dirname "$skill")"; done)
+
+EOF
+
+exit 0

package/scripts/repair/supply_chain/check_15.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+# CHECK 15 (origin 11): Base64 Obfuscation Detection
+# Usage: ./check_15.sh
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "$SCRIPT_DIR/_common.sh"
+
+B64_PATTERN='base64 -[dD]|base64 --decode|atob\(|Buffer\.from\(.*base64|echo.*\|.*base64.*\|.*bash|echo.*\|.*base64.*\|.*sh|python.*b64decode|import base64'
+FOUND_SKILLS=()
+
+while IFS= read -r file; do
+    skill_name="$(basename "$(dirname "$file")")"
+    # Deduplicate
+    if [[ ! " ${FOUND_SKILLS[*]} " =~ " ${skill_name} " ]]; then
+        FOUND_SKILLS+=("$skill_name")
+    fi
+done < <(grep -rlE --exclude-dir="$SELF_DIR_NAME" "$B64_PATTERN" "$SKILLS_DIR" 2>/dev/null || true)
+
+cat <<EOF
+RECOMMENDED ACTIONS:
+1. Review each skill listed above to understand WHY it decodes base64
+
+2. Check if there are long base64 strings that decode to shell commands
+
+3. Verify the decoded content is legitimate (if unsure, decode manually):
+   echo 'BASE64_STRING' | base64 -d
+
+4. If confirmed malicious, remove the skill:
+$(for skill in "${FOUND_SKILLS[@]}"; do echo "   rm -rf $SKILLS_DIR/$skill"; done)
+
+EOF
+
+exit 0

package/scripts/repair/supply_chain/check_16.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+# CHECK 16 (origin 12): External Binary Downloads
+# Usage: ./check_16.sh
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "$SCRIPT_DIR/_common.sh"
+
+BIN_PATTERN='\.exe|\.dmg|\.pkg|\.msi|\.app\.zip|releases/download|github\.com/.*/releases|\.zip.*password|password.*\.zip|openclawcli\.zip|openclaw-agent|AuthTool.*download|download.*AuthTool'
+FOUND_SKILLS=()
+
+while IFS= read -r file; do
+    skill_name="$(basename "$(dirname "$file")")"
+    # Deduplicate
+    if [[ ! " ${FOUND_SKILLS[*]} " =~ " ${skill_name} " ]]; then
+        FOUND_SKILLS+=("$skill_name")
+    fi
+done < <(grep -rlE --exclude-dir="$SELF_DIR_NAME" "$BIN_PATTERN" "$SKILLS_DIR" 2>/dev/null || true)
+
+cat <<EOF
+RECOMMENDED ACTIONS:
+1. Review each skill to determine if binary downloads are necessary
+
+2. Check what the downloaded file is and where it comes from
+
+3. Verify the source is trustworthy (official repos only)
+
+4. Look for hardcoded URLs pointing to suspicious domains
+
+5. If confirmed malicious or unnecessary, remove the skill:
+$(for skill in "${FOUND_SKILLS[@]}"; do echo "   rm -rf $SKILLS_DIR/$skill"; done)
+
+EOF
+
+exit 0

package/scripts/repair/supply_chain/check_17.sh

@@ -0,0 +1,61 @@
+#!/bin/bash
+# CHECK 17 (origin 38): Skill Env Override Host Injection
+# Usage: ./check_17.sh
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "$SCRIPT_DIR/_common.sh"
+
+FOUND_SKILLS=()
+ENV_OVERRIDE_ISSUES=0
+
+while IFS= read -r SKILL_DIR; do
+    [ -z "$SKILL_DIR" ] && continue
+    SKILL_NAME="$(basename "$SKILL_DIR")"
+    if [ "$SKILL_NAME" = "$SELF_DIR_NAME" ]; then
+        continue
+    fi
+    SKILL_FLAGGED=false
+    SKILL_MD="$SKILL_DIR/SKILL.md"
+    if [ -f "$SKILL_MD" ]; then
+        if grep -qiE '^\s*"?(HOST|PORT|OPENCLAW_|API_URL|BASE_URL|GATEWAY_URL|SERVER_URL)"?\s*:' "$SKILL_MD" 2>/dev/null; then
+            ENV_OVERRIDE_ISSUES=$((ENV_OVERRIDE_ISSUES + 1))
+            SKILL_FLAGGED=true
+        fi
+    fi
+    for CFG in "$SKILL_DIR/package.json" "$SKILL_DIR/config.json" "$SKILL_DIR/.env"; do
+        if [ -f "$CFG" ]; then
+            if grep -qiE '(OPENCLAW_HOME|OPENCLAW_DIR|GATEWAY_URL|API_BASE|HOST=|PORT=)' "$CFG" 2>/dev/null; then
+                ENV_OVERRIDE_ISSUES=$((ENV_OVERRIDE_ISSUES + 1))
+                SKILL_FLAGGED=true
+            fi
+        fi
+    done
+    if [ "$SKILL_FLAGGED" = true ]; then
+        if [[ ! " ${FOUND_SKILLS[*]} " =~ " ${SKILL_NAME} " ]]; then
+            FOUND_SKILLS+=("$SKILL_NAME")
+        fi
+    fi
+done < <(find "$SKILLS_DIR" -mindepth 1 -maxdepth 1 -type d 2>/dev/null)
+
+cat <<EOF
+RECOMMENDED ACTIONS:
+1. Inspect each skill's configuration files:
+$(for skill in "${FOUND_SKILLS[@]}"; do echo "   cat $SKILLS_DIR/$skill/SKILL.md"; done)
+$(for skill in "${FOUND_SKILLS[@]}"; do
+    for f in package.json config.json .env; do
+        echo "   cat $SKILLS_DIR/$skill/$f  # if exists"
+    done
+done)
+
+2. Check what HOST/PORT/URL values are being set and whether they point
+   to unexpected external servers
+
+3. If confirmed malicious, remove the skill:
+$(for skill in "${FOUND_SKILLS[@]}"; do echo "   rm -rf $SKILLS_DIR/$skill"; done)
+
+4. After removal, restart OpenClaw to ensure env is clean:
+   openclaw restart
+
+EOF
+
+exit 0

package/scripts/repair/supply_chain/check_18.sh

@@ -0,0 +1,62 @@
+#!/bin/bash
+# CHECK 18 (new / SC-SKILL-003): Known malicious file hash IOC scan
+# Usage: ./check_18.sh
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "$SCRIPT_DIR/_common.sh"
+
+HASH_IOC_ISSUES=0
+HASH_IOCS_PRESENT=0
+FOUND_SKILLS=()
+
+if [ -f "$IOC_DIR/malicious-hashes.txt" ]; then
+    HASH_IOCS_PRESENT=1
+else
+    log "  malicious-hashes.txt not found under $IOC_DIR"
+fi
+
+if [ "$HASH_IOCS_PRESENT" -eq 1 ]; then
+    while IFS= read -r skill_dir; do
+        [ -z "$skill_dir" ] && continue
+        skill_name="$(basename "$skill_dir")"
+        if [ "$skill_name" = "$SELF_DIR_NAME" ]; then
+            continue
+        fi
+        SKILL_FLAGGED=false
+        while IFS= read -r f; do
+            [ -z "$f" ] && continue
+            file_hash="$(sha256_file "$f" || true)"
+            [ -n "$file_hash" ] || continue
+            campaign="$(lookup_malicious_hash_campaign "$file_hash" || true)"
+            if [ -n "$campaign" ]; then
+                HASH_IOC_ISSUES=$((HASH_IOC_ISSUES + 1))
+                SKILL_FLAGGED=true
+            fi
+        done < <(find "$skill_dir" -type f 2>/dev/null)
+        if [ "$SKILL_FLAGGED" = true ]; then
+            if [[ ! " ${FOUND_SKILLS[*]} " =~ " ${skill_name} " ]]; then
+                FOUND_SKILLS+=("$skill_name")
+            fi
+        fi
+    done < <(find "$SKILLS_DIR" -mindepth 1 -maxdepth 1 -type d 2>/dev/null)
+fi
+
+# Guidance
+cat <<EOF
+RECOMMENDED ACTIONS:
+1. Inspect the flagged files listed above (check logs for exact paths and hashes)
+
+2. Cross-reference the SHA-256 hash manually if needed:
+   grep '<hash>' $IOC_DIR/malicious-hashes.txt
+
+3. Do NOT execute any files from the affected skills
+
+4. Remove confirmed malicious skills immediately:
+$(for skill in "${FOUND_SKILLS[@]}"; do echo "   rm -rf $SKILLS_DIR/$skill"; done)
+
+5. After removal, restart OpenClaw to clear any loaded state:
+   openclaw restart
+
+EOF
+
+exit 0

package/scripts/repair/supply_chain/check_2.sh

@@ -0,0 +1,93 @@
+#!/bin/bash
+# CHECK 2 (origin 2): AMOS Stealer / AuthTool Markers
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "$SCRIPT_DIR/_common.sh"
+
+# Environment vars (set by caller / _common.sh sourced before this):
+#   SKILL_NAME     — if set (auto-fix mode), the skill to remove
+#   AUTO_FIX       — if "1", automatically remove the offending skill
+# Example: AUTO_FIX=1 SKILL_NAME="your-skill-name" ./check_2.sh
+
+AMOS_PATTERN='authtool|atomic\.stealer|AMOS|NovaStealer|nova\.stealer|osascript.*password|osascript.*dialog|osascript.*keychain|Security\.framework.*Auth|openclaw-agent\.exe|openclaw-agent\.zip|openclawcli\.zip|AuthTool|Installer-Package'
+FOUND_SKILLS=()
+
+if [ -d "$SKILLS_DIR" ]; then
+    while IFS= read -r file; do
+        skill_name="$(basename "$(dirname "$file")")"
+        # Deduplicate
+        if [[ ! " ${FOUND_SKILLS[*]} " =~ " ${skill_name} " ]]; then
+            FOUND_SKILLS+=("$skill_name")
+        fi
+    done < <(grep -rlE --exclude-dir="$SELF_DIR_NAME" "$AMOS_PATTERN" "$SKILLS_DIR" 2>/dev/null || true)
+fi
+
+# Auto-fix
+if [ "${AUTO_FIX:-0}" = "1" ]; then
+    TARGET_SKILL="${SKILL_NAME}"
+    log "AUTO-FIX: Removing skill '$TARGET_SKILL'..."
+
+    SKILL_PATH="$SKILLS_DIR/$TARGET_SKILL"
+    LOCK_FILE="$WORKSPACE_DIR/.clawhub/lock.json"
+
+    # 删除 skill 目录
+    if rm -rf "$SKILL_PATH"; then
+        log "SUCCESS: Skill directory '$SKILL_PATH' removed."
+    else
+        log "ERROR: Failed to remove '$SKILL_PATH'"
+        exit 1
+    fi
+
+    # 从 lock.json 移除条目
+    if [ -f "$LOCK_FILE" ] && command -v python3 >/dev/null 2>&1; then
+        python3 -c "
+import json, sys
+with open('$LOCK_FILE') as f:
+    data = json.load(f)
+data['skills'] = {k: v for k, v in data['skills'].items() if k != '$TARGET_SKILL'}
+with open('$LOCK_FILE', 'w') as f:
+    json.dump(data, f, indent=2)
+" && log "SUCCESS: Removed '$TARGET_SKILL' from lock.json"
+    fi
+
+    log "SUCCESS: Skill '$TARGET_SKILL' has been removed."
+    exit 0
+fi
+
+# Guidance
+cat << EOF
+RECOMMENDED ACTIONS:
+1. Remove the malicious skills NOW:
+$(for skill in "${FOUND_SKILLS[@]}"; do echo "   rm -rf ~/.openclaw/workspace/skills/$skill"; done)
+
+2. Change ALL your passwords immediately:
+   - Email accounts
+   - Banking and financial services
+   - Social media accounts
+   - Work/corporate credentials
+
+3. Review Keychain Access for suspicious entries:
+   ls -la ~/.ssh/
+   cat ~/.netrc 2>/dev/null
+   ls -la ~/.gnupg/
+
+4. Check for unauthorized access:
+   - Review recent login activity on all accounts
+   - Check for new devices/sessions you don't recognize
+
+5. Enable 2FA/MFA on all critical accounts if not already enabled
+
+6. Consider these additional steps:
+   - Rotate SSH keys: ssh-keygen -t ed25519 -C "your_email@example.com"
+   - Move cryptocurrency wallets to hardware wallets
+   - Run full antivirus scan: sudo freshclam && sudo clamscan -r -i /
+
+7. Monitor for identity theft:
+   - Check credit reports
+   - Watch for phishing attempts using stolen credentials
+
+auto-fix
+$(for skill in "${FOUND_SKILLS[@]}"; do echo "$skill"; done)
+EOF
+
+exit 0