ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Seedbed

v1.0.0

Seedbed preparation reference — tillage methods, soil structure, moisture management, planting surface quality. Use when preparing fields for sowing, evaluat...

0· 79·0 current·0 all-time
byBytesAgain2@ckchzh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (seedbed preparation reference) matches the delivered artifacts: a README-style SKILL.md plus a bash script that prints guidance text. There are no unrelated required env vars or binaries declared.
Instruction Scope
SKILL.md instructs the agent to run the included scripts/script.sh with simple subcommands (intro, tillage, equipment, etc.). The instructions do not ask the agent to read unrelated files, scrape system state, or transmit data externally.
Install Mechanism
No install spec is provided (instruction-only skill with an included script). That is low-risk compared with remote download/install. The script runs locally when invoked.
Credentials
The skill declares a single optional configuration variable (SEEDBED_DIR) for a data directory and no credentials. No other environment variables or secrets are required.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It does not request system-wide configuration changes in the SKILL.md; the included script appears to be self-contained.
What to consider before installing
On the surface this looks coherent and low-risk: the SKILL.md only runs the bundled bash script to print seedbed guidance, and there are no declared credentials or install steps. However, the provided script listing was truncated, so you should: (1) inspect the remainder of scripts/script.sh before running it — specifically search for network commands (curl, wget, nc, ssh), file-system writes (especially to /, /etc, other users' homes), use of sudo, or calls to other scripts/binaries; (2) confirm what SEEDBED_DIR is used for and whether the script writes data there; (3) run the script in a sandboxed environment (container) if you plan to execute it; and (4) avoid giving the skill any unrelated credentials or broad agent privileges until you've verified the full script contents. If you provide the full scripts/script.sh text I can re-evaluate with higher confidence.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ddv1d6xrk6qj0x2tzmm45z983aetp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments