ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Prose Andy27725

v1.0.0

OpenProse VM skill pack. Activate on any `prose` command, .prose files, or OpenProse mentions; orchestrates multi-agent workflows.

0· 71·0 current·0 all-time
by@andy27725
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (OpenProse VM, run/compile/orchestrate .prose) matches the SKILL.md instructions: loading local prose specification, examples, and optional state backends; routing prose commands; and supporting remote .prose fetch+run. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
SKILL.md gives the agent broad runtime actions typical for a language runner: read bundled files (examples, prose.md, state backends), list examples, and fetch remote .prose programs. It explicitly maps remote fetch to web_fetch or exec with curl when POST is required—this grants the agent discretion to perform network fetches and shell execs. This behavior is coherent with the skill's purpose but increases the runtime blast radius: running unreviewed remote programs will execute their logic within the agent environment.
Install Mechanism
Instruction-only skill with no install spec and no code to write to disk. Lowest installation risk; nothing is downloaded or extracted by the skill itself.
Credentials
No required environment variables, credentials, or config paths are declared. The SKILL.md references optional state backends (SQLite/Postgres) but does not demand credentials—using those backends would require separate configuration supplied by the user, which is proportionate.
Persistence & Privilege
always:false and no install means it does not request permanent inclusion or elevated platform privileges. The skill can be invoked autonomously (platform default), which is normal; combine this with caution about remote execution if you allow autonomous runs.
Assessment
This skill is coherent with its stated role as an OpenProse VM/runner and does not ask for credentials or install anything. The main risk is behavioral: it is explicitly designed to fetch and run .prose programs from arbitrary URLs and registry handles, and it may use web_fetch or shell exec (curl) for those operations. Before running or allowing autonomous execution, review any remote .prose you intend to run; avoid running unknown handles/URLs; consider restricting the agent's web_fetch/exec permissions or disabling autonomous invocation for this skill; and be cautious if you configure experimental backends (Postgres/SQLite)—supply credentials only to trusted programs and secure those secrets separately.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bxpmj1y2p6xd9arhbvepgjx83g1fj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🪶 Clawdis

Comments