Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Beepack

v1.0.0

Search Beepack for reusable API packages before coding. Saves tokens and time by reusing production-tested code instead of writing from scratch.

by Guillaume De Laroque (@actabi)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description and SKILL.md consistently describe a discovery/search workflow against https://beepack.ai and show GET/POST endpoints for search, package details, feedback, suggestions and reports. No unrelated binaries, installs, or credentials are requested, which is appropriate for a read-first registry skill.
Instruction Scope
Runtime instructions are concrete (explicit HTTP endpoints and example payloads). They remain within the stated purpose (search, inspect readme, submit feedback/suggestions). However, instructions encourage POSTing code diffs/feedback and do not warn about avoiding proprietary data — this creates a realistic risk that agents might send sensitive project code or secrets to the external service.
Install Mechanism
Instruction-only skill with no install steps or downloaded artifacts. This minimizes on-disk risk and is coherent with the described function.
! Credentials
The SKILL.md references a POST /api/v1/packages/{slug}/report endpoint marked '(auth required)' but the skill declares no required env vars or primary credential. There is a mismatch: authenticated operations are mentioned but no auth mechanism or credential fields are declared. Also, the ability to POST arbitrary 'codeDiff' content can lead to leaking proprietary code unless the agent is constrained.
! Persistence & Privilege
The skill is marked always: true, meaning it will be force-included in every agent run. That increases the blast radius because the skill can be invoked automatically and could call external endpoints (including POST endpoints that accept code or diffs). Always-enabled status is not justified in the SKILL.md and is a notable privilege escalation compared with typical on-demand skills.
What to consider before installing
This skill appears to do what it claims (search a package registry) but exercise caution before enabling it globally. Specific things to consider:
(1) always: true means the skill can run automatically on every agent task — disable or remove that unless you trust automatic searches.
(2) The doc shows POST endpoints that accept code diffs/feedback and mentions authentication for reporting, but the skill declares no credentials — ask the publisher how auth should be provided and what is sent.
(3) Avoid having the agent include proprietary code, secrets, or configs in feedback/suggestions/report payloads.
If you plan to allow automatic use, add safeguards (sanitize or explicit approval before sending code, require an explicit API key stored in a controlled env var, or remove the always flag). If you need greater assurance, request the publisher to document the auth mechanism and a data-handling/privacy policy.

Like a lobster shell, security has layers — review code before you run it.

latest vk979kpn20bz76t6qrjkfkpvwt5843jyh

Runtime requirements

🐝 Clawdis