Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Krónan
v1.0.2
CLI tool for Kronan.is, Iceland's grocery store. Search products, manage cart, view orders. Requires GitHub CLI for install. Stores auth tokens at ~/.kronan/...
⭐ 0 · 57 · 0 current · 0 all-time
by @arnif
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The name and description (a Kronan CLI for shopping) match the instructions (search, cart, orders). Requiring GitHub CLI for cloning and releases, and bun for building from source, is reasonable. However, the registry metadata lists no required binaries or config paths, while SKILL.md explicitly lists gh, bun and ~/.kronan/tokens.json; that mismatch should be reconciled.
Instruction Scope
SKILL.md instructs cloning the repo and executing install.sh, which downloads and installs a binary; that is remote code execution on the host by design, and acceptable only if the script and the artifact have been reviewed. It also marks 'me' and other read-only commands as safe to run without confirmation, but 'me' returns sensitive PII (name, phone, kennitala). Telling agents to run read-only commands freely when those commands return PII is overly permissive and risks leaking that data into logs or LLM context.
Install Mechanism
There is no formal install spec in the registry, but SKILL.md instructs cloning arnif/kronan-cli and running install.sh, which downloads a pre-built binary from GitHub releases. Fetching from GitHub releases is a common pattern and lower risk than an arbitrary host, but an install.sh that downloads and extracts a binary is still inherently higher risk: audit the script and verify the release binaries (signatures or hashes) before executing.
Credentials
The skill requests no env variables in registry metadata, which is appropriate. SKILL.md documents local token storage at ~/.kronan/tokens.json (Cognito JWTs) and an Icelandic SIM-based auth flow — these are necessary for the CLI but are sensitive. The metadata omission of the tokens path is a discrepancy. No unrelated credentials are requested.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It stores per-user tokens under ~/.kronan which is normal for a CLI. There is no evidence it would modify other skills or system-wide agent settings.
What to consider before installing
This skill mostly matches its stated purpose but has a few red flags you should address before installing or granting agent access:
1) Reconcile metadata: the registry claims no required binaries or paths, but SKILL.md requires gh and bun and uses ~/.kronan/tokens.json. Treat these as required.
2) Audit the install flow: the recommended command clones the repo and runs install.sh, which downloads and installs a binary. Read install.sh and verify the release binary (commit and release author, checksum or signature) before running it.
3) Protect tokens: the CLI stores Cognito JWTs at ~/.kronan/tokens.json. Restrict the file to its owner (chmod 600) and never share or commit it.
4) Avoid leaking PII: 'kronan me' returns full PII, including the kennitala (Icelandic national ID). Do not paste that output into public logs or LLM prompts. Configure your agent to require explicit user confirmation before any command that returns PII or changes state; the skill already recommends confirmation for state-changing commands, but its blanket approval of read-only commands is too broad.
5) If possible, build from source (bun build) after reviewing the code, or at minimum review the install script and release artifacts. For more assurance, ask the publisher for signed releases or a reproducible build, and for registry metadata that matches SKILL.md.
Like a lobster shell, security has layers — review code before you run it.
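The checks behind points 2 and 3, as an added shell example that is not part of the Kronan CLI, ClawHub or its scanner: it verifies a downloaded release asset against an expected SHA-256, flags lines in an install script that download, escalate privileges, evaluate dynamic code or decode blobs (as prompts for manual review, not verdicts), and confirms the token file is owner-only. The KRONAN_TOKENS override, the file names and the sample script content in the comments are assumptions; the real asset name and checksum come from the project's GitHub release page.

```shell
#!/bin/sh
# Added example: pre-install checks for a CLI fetched via install.sh.
# Not part of the Kronan CLI or ClawHub; paths and names are assumptions.

# sha256_of FILE -> hex digest, using whichever tool the host provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_sha256 FILE EXPECTED_HEX -> 0 only if the digest matches exactly.
# Run this on the release asset before extracting or executing it; the
# expected value should come from the release page or a signed checksum file.
verify_sha256() {
  [ "$(sha256_of "$1")" = "$2" ]
}

# flag_risky_lines SCRIPT -> prints numbered lines that download, escalate
# privileges, evaluate dynamic code or decode blobs. A hit means "read this
# line", not "malicious": an installer legitimately uses curl or wget.
flag_risky_lines() {
  grep -nE 'curl|wget|sudo|eval|base64|\| *(ba)?sh' "$1"
}

# count_risky_lines SCRIPT -> number of flagged lines (0 if none).
count_risky_lines() {
  flag_risky_lines "$1" | wc -l | tr -d ' '
}

# file_mode FILE -> octal permission bits (e.g. 600); GNU stat, then BSD stat.
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_token_perms FILE -> 0 if the file exists, is owned by the caller and
# is readable/writable by the owner only (mode 600).
check_token_perms() {
  [ -f "$1" ] && [ -O "$1" ] && [ "$(file_mode "$1")" = "600" ]
}

# harden_token_file FILE -> chmod 600, then re-check.
harden_token_file() {
  chmod 600 "$1" && check_token_perms "$1"
}

# Report-only run against the token path SKILL.md documents. KRONAN_TOKENS is
# an assumed override for this example, not a variable the CLI defines.
TOKENS="${KRONAN_TOKENS:-$HOME/.kronan/tokens.json}"
if [ -f "$TOKENS" ]; then
  if check_token_perms "$TOKENS"; then
    echo "ok: $TOKENS is mode 600"
  else
    echo "warn: $TOKENS is mode $(file_mode "$TOKENS"); fix with: chmod 600 $TOKENS"
  fi
fi
```

Typical use: verify_sha256 on the downloaded archive with the digest published for that release before tar or install.sh touches it, flag_risky_lines on the cloned install.sh to direct your reading, and harden_token_file on ~/.kronan/tokens.json after the first login. The grep patterns are deliberately broad; they exist to shorten a manual review, not to replace it.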
latest · vk975eqpc6n9nmd4syen7xaq0f583sgj3
Runtime requirements
🛒 Clawdis
