Scan Report
5 /100
Manusilized
Core architecture upgrades for OpenClaw to bring Manus-like silky-smooth streaming and enterprise-grade reliability to open-source Ollama models
Manusilized is a legitimate OpenClaw core patch for enhanced Ollama streaming and tool-calling support; no malicious behavior, credential theft, or undeclared capabilities were found.
Safe to install
This skill is safe to use. No action required.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | install-patch.sh writes to $OPENCLAW_PATH/src/agents/ |
| Network | READ | READ | ✓ Aligned | patches/ollama-models.ts:39, patches/ollama-stream.ts:438 — HTTP POST/GET to use… |
| Shell | WRITE | WRITE | ✓ Aligned | install-patch.sh:30-33 — local cp and backup operations only |
| Environment | NONE | NONE | — | No os.environ access detected |
| Skill Invoke | NONE | NONE | — | No skill invocation or delegation detected |
| Clipboard | NONE | NONE | — | No clipboard access detected |
| Browser | NONE | NONE | — | No browser automation detected |
| Database | NONE | NONE | — | No database access detected |
1 findings
Medium External URL 外部 URL
http://192.168.20.14:11434/v1 patches/ollama-models.ts:39 File Tree
7 files · 29.5 KB · 940 lines TypeScript 2f · 827L
Markdown 2f · 50L
Shell 1f · 36L
YAML 1f · 15L
JSON 1f · 12L
├─
▾
patches
│ ├─
ollama-models.ts
TypeScript
│ ├─
ollama-stream.ts
TypeScript
│ └─
README.md
Markdown
├─
clawhub.yaml
YAML
├─
install-patch.sh
Shell
├─
package.json
JSON
└─
SKILL.md
Markdown
Dependencies 2 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
@mariozechner/pi-agent-core | * | npm | No | Imported but not in package.json; transitive dependency |
@mariozechner/pi-ai | * | npm | No | Imported but not in package.json; transitive dependency |
Security Positives
✓ No credential harvesting — code does not read API keys, passwords, tokens, or sensitive environment variables
✓ No remote script execution — install-patch.sh performs only local file operations (cp, mkdir check)
✓ No data exfiltration — no outbound network calls to external IPs except user-configured Ollama endpoints
✓ No obfuscation — all code is plain TypeScript, no base64, no eval(), no dynamic code generation
✓ No sensitive file access — no reads of ~/.ssh, ~/.aws, .env, or similar credential paths
✓ No persistence mechanisms — no cron jobs, startup hooks, or backdoor installation
✓ Markdown tool-call extraction is defensive-only and documented in code comments
✓ NDJSON streaming parser is standard implementation with no malicious intent
✓ HTTP requests are limited to Ollama API endpoints configured by the user
✓ install-patch.sh validates path existence before writing and creates backups (.bak files)