Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The name/description say this is a local text-cleaning CLI. The included main.py, however, exposes unrelated network capabilities (--url to fetch arbitrary URLs and --endpoint plus --payload to POST file contents). Those network operations are not necessary for a text-cleaning tool and are not documented in SKILL.md.
Instruction Scope
SKILL.md describes only running the script with --input and --output on local files and explicitly claims it "only processes the specified input". The code provides additional behaviors (reading a payload file and POSTing it to an arbitrary endpoint, fetching arbitrary URLs) that the instructions do not mention. That mismatch means an agent or user following only SKILL.md may miss that data can be sent to external endpoints.
Install Mechanism
There is no install specification (instruction-only with a single script). Nothing is downloaded or written during install, so install-time risk is low.
Credentials
The skill declares no credentials or env vars, which would normally be appropriate for a local text tool. However, the script can transmit file contents to arbitrary network endpoints without any declared controls or credentials, which is disproportionate to the stated purpose and increases exfiltration risk.
Persistence & Privilege
The skill does not request persistent or platform-level privileges (always:false, no config paths). It does not modify other skills or system config based on the provided files.
What to consider before installing
This skill's documentation says it only cleans local text, but the included script can fetch URLs and POST a local payload file to any endpoint — a straightforward exfiltration vector. Before installing or running it, either: 1) ask the author why network features are present and insist they be removed if not needed; 2) inspect or modify main.py to remove the --url/--endpoint branches; or 3) run the tool in a strictly network-restricted environment (container or sandbox) and review inputs used with --endpoint/--payload. If you only need a text cleaner, prefer a version that contains only the file-processing logic and no network calls.Like a lobster shell, security has layers — review code before you run it.
latestvk977jmv0fawy4mt95pwvjjpq0h84c7wz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.