Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Consulting
v3.0.0Consulting practice management with engagement scoping, proposal writing, pricing strategy, and client relationship management. Use when user mentions consul...
⭐ 0· 411·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description promise a multi-script consulting system (scoping, proposals, pricing, deliverables, relationships). The package only contains one script (scope_engagement.py). SKILL.md references many scripts and reference files that are not included. The one included script does match the 'scope engagement' capability, but the overall claim-to-implementation mismatch is problematic.
Instruction Scope
Runtime instructions in SKILL.md instruct the agent to run many scripts (write_proposal.py, structure_pricing.py, etc.) that are not present. The SKILL.md also documents local memory paths; the actual script writes to ~/.openclaw/workspace/memory/consulting which is consistent in intent but not exactly the same literal path described earlier. The instructions do not perform network calls or request credentials, so there's no immediate exfiltration risk, but the missing files mean the agent may attempt to run nonexistent commands and fail or behave unexpectedly.
Install Mechanism
No install spec — instruction-only plus a small local script. Nothing is downloaded or extracted; no package installs are requested.
Credentials
No environment variables, credentials, or external config paths are required. The script only reads/writes a local JSON file under the user's home directory.
Persistence & Privilege
Skill is not marked always:true and does not request elevated privileges or modify other skills. It writes its own data under a dot-directory in the user's home — expected for a local memory store.
What to consider before installing
This skill's documentation claims multiple scripts and reference files, but the package only includes scope_engagement.py. That makes the skill incomplete rather than malicious. Before installing or using it: 1) Inspect the included script (already done) — it only writes a JSON under ~/.openclaw/workspace/memory/consulting and prints prompts (no network activity). 2) Ask the publisher or check the source for the missing scripts and reference files (write_proposal.py, structure_pricing.py, etc.) if you need those features. 3) If you proceed, run it in a sandbox or test account first; note it will create/modify ~/.openclaw/workspace/memory/consulting/engagements.json so back up or adjust the path if that’s a concern. 4) If you expect a full toolkit from this skill, treat the current package as incomplete and avoid relying on it for production use. If additional files appear that contact external endpoints or request credentials, reassess — that would raise the risk level.Like a lobster shell, security has layers — review code before you run it.
businessvk979791q15j627acp3rgazxvh582mw7fclientvk979791q15j627acp3rgazxvh582mw7fclientsvk97dkh06tf1yxa492fktf8czd182g0acconsultingvk979791q15j627acp3rgazxvh582mw7ffreelancevk97dkh06tf1yxa492fktf8czd182g0aclatestvk979791q15j627acp3rgazxvh582mw7fproposalvk979791q15j627acp3rgazxvh582mw7fproposalsvk97dkh06tf1yxa492fktf8czd182g0acstrategyvk979791q15j627acp3rgazxvh582mw7f
License
MIT-0
Free to use, modify, and redistribute. No attribution required.