ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Comment On Task

v0.1.0

Add or read comments on an OpenAnt task. Use when the agent wants to communicate with the task creator or worker, ask questions about a task, provide progres...

0· 337·0 current·0 all-time
by@ant-1984
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the SKILL.md: it only reads and writes comments using the OpenAnt CLI (npx @openant-ai/cli). There are no unrelated binaries, env vars, or install steps requested.
!
Instruction Scope
The SKILL.md gives concrete commands (npx @openant-ai/cli tasks comments / tasks comment) and explicitly tells the agent to 'execute immediately' for routine updates and 'No confirmation needed.' While the commands are in-scope, the instruction to post without confirmation gives the agent broad authority to send messages on behalf of the user, which can lead to unexpected or unwanted postings.
Install Mechanism
Instruction-only skill; no install spec and no code files. Low disk/write risk because nothing is downloaded or installed by the skill itself.
Credentials
The skill declares no required env vars, but the CLI will require OpenAnt authentication stored in the environment, npm config, or local config files. The SKILL.md refers to an authenticate-openant skill for 'Authentication required' errors, but it does not declare or manage credentials itself — the agent will implicitly use whatever local creds exist, which could expose tokens or cause actions under an unexpected identity.
Persistence & Privilege
always:false and normal model invocation are set (no elevated platform privilege). However, the runtime instructions explicitly permit autonomous, confirmation-free posting; combined with agent autonomy this increases the chance of unintended actions even though the skill does not request persistent elevated privileges.
What to consider before installing
This skill appears to do exactly what it says — run the OpenAnt CLI to read/write task comments — but pay attention to two risks before installing: 1) It instructs the agent to post comments immediately without asking you, so the agent can send messages on your behalf. If you want to prevent accidental posts, require user confirmation or remove the 'No confirmation needed' guidance. 2) The CLI will use whatever OpenAnt credentials are present in the environment or local config (npm, .netrc, OS keychain). Confirm which identity will be used and that those credentials are limited/appropriate. If you want to test safely, try with a throwaway/test task or temporarily revoke/post a limited token, and consider using or reviewing the referenced authenticate-openant skill so auth is explicit and auditable.

Like a lobster shell, security has layers — review code before you run it.

latestvk978g8ey63wfg0k04g61nap5gs8238ca

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments