Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

skill-refiner

v1.0.0

Audit and fix all skills in the workspace for compliance with skill-creator requirements. Use when asked to "refine skills", "audit skills", "check skill qua...

0 · 702 · 2 current · 2 all-time
by va7@1va7
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description match the packaged artifacts: scripts/find_skills.sh searches the workspace for SKILL.md files and scripts/audit_skill.py performs the compliance checks the README/SKILL.md describe. No unrelated binaries, services, or env vars are requested.
Instruction Scope
SKILL.md instructs an exhaustive search of the entire workspace and provides step-by-step 'Fix non-compliant skills' actions that include deleting files (README.md, CHANGELOG.md), renaming directories, and moving skills into ~/.openclaw/workspace/skills/<skill-name>/. The included scripts only perform discovery and auditing (read-only), but the instructions encourage destructive filesystem changes. If an agent follows the SKILL.md instructions autonomously or runs ad-hoc shell commands, this could result in mass file moves/deletions across the user's workspace.
Install Mechanism
No remote install or downloads are specified (instruction-only skill with local scripts). All code is bundled; there are no external URLs, package installs, or extraction steps. Risk from install mechanism is low.
Credentials
The skill requests no environment variables, credentials, or config paths. The actions it describes operate on local files only, which is proportionate to an auditing/fixing tool.
Persistence & Privilege
The skill is not always-included and requests no special privileges. However, because the SKILL.md explicitly tells the agent how to modify/move/delete many files across the workspace, granting the agent autonomous execution rights (or allowing it to run these shell commands) increases blast radius. The scripts themselves do not automatically perform fixes, but the instructions could be executed by the agent or a user.
What to consider before installing
This package is functionally what it says (it discovers and audits SKILL.md files), but its runtime instructions recommend destructive fixes (deleting README.md, moving directories, renaming skills) that could remove or relocate many user files. Before installing or allowing autonomous invocation:
1) Inspect the scripts locally and run them yourself in read-only mode (bash scripts/find_skills.sh and python3 scripts/audit_skill.py) to review the audit output.
2) Make a full backup of your workspace.
3) Do not grant the skill permission to run shell commands autonomously unless you trust it; prefer manual application of fixes after reviewing each change.
4) If you want automation, consider forking the skill and removing or changing the destructive 'fix' steps (or adding a dry-run flag and explicit user confirmation for any delete/move operations).
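One way to implement step 4 above (a dry-run planner with per-action confirmation), as an added example that is not part of skill-refiner and does not use its scripts. The destination path ~/.openclaw/workspace/skills/<skill-name>/ and the README.md/CHANGELOG.md deletions are taken from the scan summary above; everything else (function names, the sample workspace the demo builds in a temporary directory) is this example's own assumption.

```python
#!/usr/bin/env python3
"""Dry-run planner for skill 'fix' steps (illustrative; not skill-refiner's code).

Default mode only prints the plan. --apply executes it, but every delete or
move is gated on an explicit 'y' from the operator.
"""
import argparse
import shutil
import sys
import tempfile
from pathlib import Path

# Assumed from the scan summary: where SKILL.md wants skills to live.
DEFAULT_DEST = Path("~/.openclaw/workspace/skills").expanduser()
# Assumed: files the 'Fix non-compliant skills' steps tell the agent to delete.
DISALLOWED_FILES = ("README.md", "CHANGELOG.md")


def find_skills(workspace):
    """Read-only discovery: every directory under workspace holding a SKILL.md."""
    return sorted(p.parent for p in Path(workspace).rglob("SKILL.md"))


def plan_fixes(workspace, dest=DEFAULT_DEST):
    """Compute destructive actions as (kind, src, dst) tuples; touches nothing."""
    actions, dest = [], Path(dest)
    for skill_dir in find_skills(workspace):
        for fname in DISALLOWED_FILES:
            f = skill_dir / fname
            if f.is_file():
                actions.append(("delete", f, None))
        target = dest / skill_dir.name
        if skill_dir.resolve() == target.resolve():
            continue  # already in the expected location
        if target.exists():
            actions.append(("conflict", skill_dir, target))  # never overwrite silently
        else:
            actions.append(("move", skill_dir, target))
    return actions


def apply_fixes(actions, confirm=input):
    """Execute planned actions one at a time, each gated on an explicit 'y'.

    `confirm` is injectable so the gate can be exercised without a terminal.
    Returns the number of actions actually performed.
    """
    done = 0
    for kind, src, dst in actions:
        if kind == "conflict":
            continue  # needs a human decision; skip rather than guess
        prompt = f"{kind} {src}" + (f" -> {dst}" if dst else "") + " [y/N] "
        if confirm(prompt).strip().lower() != "y":
            continue
        if kind == "delete":
            src.unlink()
        else:
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(src), str(dst))
        done += 1
    return done


def demo():
    """Plan -> decline -> accept on a constructed throwaway workspace."""
    with tempfile.TemporaryDirectory() as tmp:
        skill = Path(tmp) / "workspace" / "old-skill"  # constructed sample, not real data
        skill.mkdir(parents=True)
        (skill / "SKILL.md").write_text("# old-skill\n")
        (skill / "README.md").write_text("legacy readme\n")
        dest = Path(tmp) / "skills"
        planned = plan_fixes(skill.parent, dest)
        declined = apply_fixes(planned, confirm=lambda _: "n")
        readme_kept = (skill / "README.md").is_file()
        accepted = apply_fixes(planned, confirm=lambda _: "y")
        moved = (dest / "old-skill" / "SKILL.md").is_file()
        readme_gone = not (dest / "old-skill" / "README.md").exists()
        return {"kinds": [a[0] for a in planned], "declined": declined,
                "readme_kept_after_decline": readme_kept, "accepted": accepted,
                "moved": moved and readme_gone}


def main(argv=None):
    ap = argparse.ArgumentParser(description="plan (and optionally apply) skill fixes")
    ap.add_argument("--workspace", default=".")
    ap.add_argument("--dest", default=str(DEFAULT_DEST))
    ap.add_argument("--apply", action="store_true", help="perform actions after per-action confirmation")
    args = ap.parse_args(argv)
    actions = plan_fixes(args.workspace, Path(args.dest).expanduser())
    for kind, src, dst in actions:
        print(f"[plan] {kind}: {src}" + (f" -> {dst}" if dst else ""))
    if args.apply:
        print(f"applied {apply_fixes(actions)} of {len(actions)} actions")
    elif not actions:
        print("nothing to do")
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it without --apply first and read the plan; a skill whose target directory already exists is reported as a conflict and is never touched even under --apply, so two skills with the same directory name cannot clobber each other.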

Like a lobster shell, security has layers — review code before you run it.

latest: vk97dsaxv0h4nrtykf88p6ev8xn81hxrd
