Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Board
v1.0.2
Build multi-panel storyboards programmatically — create projects, upload images/audio to boards, composite annotations, export PDFs, share via public URL. In...
by @0xartex
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (create projects, upload images/audio, annotate, export/share) matches the documented REST endpoints and data model. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
Instructions are scoped to creating projects, uploading assets (local path, URL, or base64), annotating, and exporting/sharing. They explicitly require the agent to only read local file paths the user authorizes. Important privacy note: using the service uploads image/audio bytes to https://agentboard.fly.dev and public share links are supported — this is expected for the functionality but may expose sensitive content.
Install Mechanism
Instruction-only skill with no install spec and no code files. Lowest install risk; nothing will be written to disk by the skill itself beyond what the host runtime does when calling endpoints.
Credentials
No environment variables, credentials, or config paths are requested. The declared lack of required credentials aligns with the public endpoints described.
Persistence & Privilege
always is false and model invocation is allowed (normal). The skill does not request persistent/always-on privileges nor modify other skills or system config.
Assessment
This skill is internally consistent for a cloud-hosted storyboard service, but consider privacy and trust before uploading files: any images or audio you upload (or provide as remote URLs) will be sent to https://agentboard.fly.dev and public share URLs can expose content. The SKILL.md mentions rate-limiting 'per IP+token' but also says no credentials are required — ask the provider what that 'token' means before sending sensitive data. Prefer uploading files you control (use local paths or provide URLs you trust), avoid linking internal/private URLs (to prevent server-side fetches of internal resources), and test with non-sensitive sample data first.
Like a lobster shell, security has layers — review code before you run it.
