ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Scan

v1.0.0

The Universal Perceptual Interface for Autonomous Agents. Multi-modal deep-scan technology for telemetry, biometric data, and high-density information extrac...

0· 349·2 current·2 all-time
by@agenticio

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for agenticio/scan.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Scan" (agenticio/scan) from ClawHub.
Skill page: https://clawhub.ai/agenticio/scan
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install agenticio/scan

ClawHub CLI

Package manager switcher

npx clawhub@latest install scan
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The name/description promise deep genomic, biometric, packet-level, vulnerability, document, and spatial analysis, but the skill declares no binaries, no environment variables, no config paths, and no install steps. Performing those tasks would normally require specialized binaries, drivers, credentials, or explicit data sources; the absence of any of those is disproportionate and incoherent with the stated capabilities.
!
Instruction Scope
SKILL.md is high-level and open-ended (e.g., 'ingesting raw reality', 'every byte ingested is immediately cross-referenced'). It references highly sensitive data types (VCF genomic files, packet-level analysis, LiDAR, etc.) but gives no boundaries or concrete commands. This vagueness grants broad discretionary scope to the agent and could encourage reading or transmitting sensitive files or telemetry without explicit limits.
Install Mechanism
No install spec and no code files lowers immediate risk of arbitrary downloaded code, but is itself suspicious: the claimed capabilities would normally require libraries, drivers, or native tools. The lack of an install mechanism means the skill depends entirely on whatever the agent already has access to — a portability/integrity concern rather than direct install risk.
!
Credentials
The skill requests no credentials or environment variables yet asserts it will process sensitive artifacts (genomes, telemetry, network packets). This mismatch is disproportionate: either the skill will need access to sensitive files/sensors held by the host, or it cannot function as claimed. The manifest should explicitly declare needed permissions and data sources — its absence is troubling.
Persistence & Privilege
always is false (appropriate) and it doesn't request persistent modification of other skills or system settings. However, autonomous invocation is allowed by default; combined with the skill's vague, broad scope and sensitive-data focus, that increases the potential blast radius if the agent has access to protected data.
What to consider before installing
This skill claims powerful, sensitive scanning across genomics, network traffic, documents, and LiDAR but provides no concrete tooling, permissions, or provenance. Before installing: 1) Ask the publisher for a detailed spec — required binaries/drivers, exact data sources, and why each permission is needed. 2) Require explicit least-privileged declarations (which files/paths, which sensors, which APIs) and an install provenance (code, homepage, repo). 3) Do not enable autonomous invocation on agents that have access to protected data (health/genomic records, internal network captures, cameras/LiDAR) until audited. 4) Prefer skills that declare required env vars and install steps; if none are provided, assume the skill will attempt to use any data the agent can reach and treat it as high-risk. Providing the skill owner, homepage, or source code would materially change this assessment.

Like a lobster shell, security has layers — review code before you run it.

analysisvk971rebw9a8mqntk02av1whf9s82gdambiovk971rebw9a8mqntk02av1whf9s82gdamdatavk971rebw9a8mqntk02av1whf9s82gdamlatestvk971rebw9a8mqntk02av1whf9s82gdamperceptionvk971rebw9a8mqntk02av1whf9s82gdamscanvk971rebw9a8mqntk02av1whf9s82gdam
349downloads
0stars
1versions
Updated 9h ago
v1.0.0
MIT-0
@agenticio
analysisbiodatalatestperceptionscan
Download

SCAN: The Sensory Foundation

I. The Perception Gap

An agent is only as intelligent as its input. Scan provides the standardized interface for ingesting raw reality—whether it’s a VCF genomic file, a complex codebase, or a legal docket—and converting it into actionable semantic vectors.

II. Perceptual Domains

  "biometric":  "Deep genomic and physiological marker extraction (DNA/RNA-Seq)",
  "forensic":   "Packet-level network analysis and automated code vulnerability detection",
  "semantic":   "Hyper-speed document ingestion for high-stakes litigation review",
  "spatial":    "LiDAR and visual environmental mapping for physical robotic agents"
}```

## III. Real-time Inference
Scan doesn't just "see"; it **contextualizes**. Every byte ingested is immediately cross-referenced against the agent's internal knowledge graph to identify anomalies, risks, and opportunities in sub-millisecond cycles.

---

Comments

Loading comments...