ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Real Estate Showing Brief

v1.0.0

为房产带看前整理买家画像、关注点、路线与现场提问清单。;use for real-estate, showing, brief workflows;do not use for 编造房源信息, 替代正式法律披露.

0· 92·0 current·0 all-time
byvx:17605205782@52yuanchangxing
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, resources (spec.json, template.md), README and SKILL.md all describe producing structured showing briefs; the only runtime requirement is python3 which is appropriate for the included scripts. No unrelated credentials, binaries, or network dependencies are requested.
Instruction Scope
SKILL.md instructs the agent to prefer a review/dry-run and references running scripts under {baseDir}; the bundled scripts implement structured brief generation and several audit modes (directory, CSV, pattern, skill audit). The script can read arbitrary files and directories supplied as the --input argument and can write output files. This is coherent for an auditing/briefing tool, but be conscious that if a user supplies a broad path (e.g., root or a home directory) the script will read many local files and may surface sensitive content in reports.
Install Mechanism
There is no install spec; the skill is instruction-driven and includes a local Python script. It requires only python3 and uses the standard library. No remote downloads or package installs are performed.
Credentials
The skill requires no environment variables or credentials. The script scans local files but does not access or require external secrets or tokens. The included pattern checks explicitly look for secret-like strings to flag them — indicating awareness rather than exfiltration.
Persistence & Privilege
The skill is user-invocable, not forced-always, and does not request persistent system privileges or change other skills' configuration. It can be invoked autonomously per platform default, which is normal and not combined with other concerning permissions.
Assessment
This skill appears to do what it says: generate structured showing briefs and optionally run local audits. Before using it: (1) review scripts/run.py yourself to confirm behavior you accept; (2) when invoking, avoid passing broad filesystem paths (e.g., / or your entire home) to --input to prevent accidental scanning of sensitive files; (3) use --dry-run or run with an explicit example input first; (4) don't supply unredacted PII or secrets in input files; (5) if you need autonomous invocation enabled for agents, be cautious about what input paths the agent may provide automatically.

Like a lobster shell, security has layers — review code before you run it.

latestvk97809zqdmnnj9pmamnnqeh6mx836ngp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🏠 Clawdis
OSmacOS · Linux · Windows
Binspython3

Comments