ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Divide Agent

v0.1.0

AI agent for divide agent tasks

0· 660·1 current·1 all-time
by@alvinecarn
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill name and description (Divide Agent) align with the SKILL.md: it instructs the agent to perform MECE two-layer decomposition and produce a mermaid tree diagram. There are no unrelated binaries, credentials, or install steps required in the manifest.
!
Instruction Scope
The runtime instructions require using a 'web page reading tool' for research and explicitly call two tools: create_wiki_document and submit_result to write and submit the decomposition. Those tools/endpoints are not declared in the skill metadata. Invoking them may transmit user-provided or contextual data to external systems; the instructions also instruct the agent to 'fill in the wiki document' and attach files, which is data-export behavior not documented or justified by the manifest.
Install Mechanism
Instruction-only skill with no install spec: nothing is written to disk or downloaded during installation, which is low risk and consistent with the manifest.
Credentials
The skill declares no required environment variables or credentials. However, the instructions rely on tools that typically require endpoints/credentials (wiki/document submission and web-reading). Because these are not declared, it's unclear what permissions/credentials will be used; the platform-provided tools might have access to external services and credentials, so the manifest under-represents the actual data flow and privileges.
Persistence & Privilege
Flags show always:false and no OS restrictions. The skill doesn't request persistent installation or modification of other skills or system configs in the manifest or SKILL.md.
What to consider before installing
Before installing or enabling this skill, ask the publisher to clarify which tools and endpoints the skill will call (specifically create_wiki_document and submit_result) and where submitted documents are stored. Confirm whether any platform credentials or tokens will be used and if the skill will automatically send user content without explicit consent. If you plan to use the skill with sensitive information, insist on (a) explicit declaration of required tools/credentials in the manifest, (b) a prompt/confirmation step before any external submit action, or (c) a version that only returns the decomposition to you (no automatic submission). If you cannot obtain those guarantees, test the skill in a sandboxed environment or avoid using it with confidential data.

Like a lobster shell, security has layers — review code before you run it.

latestvk971f3qthk8kz4wpehqyf6s7fn817e7h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments