ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nm Abstract Skills Eval

v1.8.3

Evaluate and improve Claude skill quality through auditing

0· 79·1 current·1 all-time
by@athola
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (skills evaluation and improvement) align with the contents: the SKILL.md and modules are focused on auditing, scoring, and optimizing skills. The declared required config paths (night-market.modular-skills, night-market.performance-optimization) are consistent with a Night Market integration.
!
Instruction Scope
SKILL.md repeatedly instructs running CLI commands and Python scripts (make, skill_analyzer.py, token_estimator.py, scripts/*, integration-tester, etc.) and shows example code that reads skill files and runs subprocesses. However, this skill bundle contains only markdown modules (no scripts or executables). That mismatch means the runtime instructions expect tools/resources that are not delivered here; running such examples would execute subprocesses and could run arbitrary binaries if present on the host.
Install Mechanism
No install spec (instruction-only) which reduces installation risk. However the content references a scripts/ directory and CLI tools that are not present in the provided manifest — users should confirm those scripts exist in the upstream repo before executing any commands.
Credentials
The skill declares no environment variables, no credentials, and does not request system-wide secrets. The only external requirements are specific configuration paths for Night Market; ensure those config keys do not contain unrelated secrets before granting the skill access to them.
Persistence & Privilege
always:false and default invocation behavior. The skill does not request permanent/privileged presence and does not appear to modify other skills' configurations in its docs. If you allow autonomous invocation, standard platform cautions apply but there is no additional privilege requested here.
What to consider before installing
This is a documentation-first auditing skill (no code files included) that describes many scripts and command-line tools but does not bundle them. Before installing or running it: 1) verify you have the referenced claude-night-market repository or the Claude Code plugin that provides the scripts; 2) inspect any external scripts (scripts/, integration-tester, compliance-checker, etc.) before running — examples use subprocess execution which can run arbitrary binaries; 3) check the Night Market config paths (night-market.modular-skills, night-market.performance-optimization) to ensure they don't expose unrelated secrets; and 4) if you enable autonomous agent invocation, be cautious — an agent following these docs could execute local tools or run commands if those tools are present. If you need certainty, ask the maintainer for the associated scripts or a full package that includes the executable tooling before proceeding.

Like a lobster shell, security has layers — review code before you run it.

latestvk972wrb3195eb0hy76xatx2st184kafv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦞 Clawdis
Confignight-market.modular-skills, night-market.performance-optimization

Comments