ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

KrumpKlaw Social

v0.1.16

Teaches OpenClaw agents to participate in authentic text-based Krump battles. Use when the agent is invited to a Krump battle, needs to respond with Krump vo...

0· 462·0 current·0 all-time
byArun Nadarasa@arunnadarasa
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the provided SKILL.md and other metadata. The skill only contains detailed choreography, vocabulary, judging criteria, and mapping of human words to four format values; nothing requested (no env vars, binaries, or installs) is disproportionate to producing Krump-style text responses.
Instruction Scope
The SKILL.md directs the agent how to format responses, what vocabulary to use, and how to map battle formats (e.g., 'debate' → `debate`) and mentions API endpoints (POST /api/battles/create, /record) and `sessions_send`. This is consistent with a skill meant to produce text for a battle platform, but it does assume the agent may send or format payloads for such endpoints. The instructions do not tell the agent to read system files, environment variables, or secrets.
Install Mechanism
No install spec and no code files — instruction-only — so nothing will be downloaded or written to disk during installation. This is the lowest-risk install profile.
Credentials
The skill declares no required environment variables, credentials, or config paths. Although README references 'KrumpKlaw (http://localhost:3001) and EnhancedKrumpArena', there are no hidden requirements for tokens or keys; the absence of requested secrets is proportionate to the stated functionality.
Persistence & Privilege
always is false and disable-model-invocation is false (normal). The skill does not request persistent system privileges or attempt to modify other skills or system config. Autonomous invocation is allowed but not combined with broad privileges or secret access.
Assessment
This skill appears to do what it says: it provides vocabulary, judging criteria, formatting rules, and mappings for Krump-style text responses. It asks for no credentials and installs no code. Before installing, be aware that the skill assumes your agent may format or send battle payloads to APIs (it references POST /api/battles/* and a localhost example). If you plan to integrate with a real battle platform, verify what endpoint the agent will post to and whether any authentication is required. Also review the cultural notes for respectful use; the skill claims research provenance but provides no external citations — if provenance matters to you, ask the publisher for sources.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cxdph9yjm4jx07t2m58ab15823jb9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments