ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Angel of Indian Krump

v1.0.1

Krump Knowledge and Personality Identity — embodies Asura's legacy, lineage, and technical expertise

0· 1k·0 current·0 all-time
byArun Nadarasa@arunnadarasa
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Skill name/description (Asura Krump persona, history, teaching) align with the included files and SKILL.md. The repository only contains content and persona guidance; there are no unexpected environment variables, binaries, or install steps required.
Instruction Scope
SKILL.md is a persona/knowledge base instructing the agent how to behave and what knowledge to use. It does not instruct the agent to read user files, access environment variables, or perform unrelated system actions. The content contains external links (e.g., YouTube, Dropbox, event pages) but does not instruct automated fetching or exfiltration.
Install Mechanism
No install spec and no code files — instruction-only. This is the lowest-risk install category (nothing is written to disk or executed by an installer).
Credentials
Skill declares no required env vars, credentials, or config paths. There is no disproportionate request for secrets or unrelated credentials.
Persistence & Privilege
always:false (no forced inclusion). disable-model-invocation:false is the platform default and acceptable here since the skill is a harmless persona. The skill does not request modification of other skills or global agent settings.
Assessment
This skill is a content/personality pack and appears internally consistent. If you install it: (1) understand it only provides a persona and knowledge — it doesn't need or request credentials or install software; (2) review external links in the files before clicking (e.g., a Dropbox zip link is listed) — treat downloads cautiously; (3) verify the author's identity or GitHub repo if provenance matters to you (the registry lists an unknown owner ID); and (4) if you allow autonomous agent invocation, remember the agent may reply in Asura's voice but will not gain extra system privileges from this skill. If you want stronger assurance, ask the publisher for authorship proof or a license statement before using in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk977ksw0eev8zzg9qe7q7xsq5d811z9f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🕺 Clawdis

Comments