ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Markster OS

v1.0.2

Lightweight guide and router for Markster OS. Use to explain the system, point users to the full Git-backed workspace setup, and help them decide whether to...

1· 54·0 current·0 all-time
byAttila Sukosd@atiti
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and runtime instructions align: the skill is a lightweight marketplace entrypoint that explains Markster OS and routes users to a Git-backed install. It does not request unrelated binaries, env vars, or system paths.
Instruction Scope
SKILL.md keeps scope narrow and repeatedly requires explicit user approval before cloning, running install.sh, attaching remotes, or pushing. Note: the documented actions (git clone + bash install.sh, markster-os CLI) will execute third-party code from the GitHub repo if the user approves; that is expected but requires the user to review that code before consenting.
Install Mechanism
No install specification or bundled code is provided by the marketplace package — it's instruction-only. The recommended install path uses a public GitHub repo (https://github.com/markster-public/markster-os), which is a standard and reviewable source.
Credentials
The skill requests no environment variables, credentials, or config paths. It does instruct the user to attach a Git remote and push only after explicit approval; those actions would use the user's existing Git/SSH credentials but are not requested by the skill itself.
Persistence & Privilege
always is false and the skill is user-invocable. There is no indication the skill tries to persist itself or alter other skills or global agent settings. Autonomous invocation is allowed by default but the skill's instructions emphasize asking the user before any potentially privileged actions.
Assessment
This package is coherent and acts as a safe bootstrap guide, but you should not approve any install or Git operations without inspection. Before consenting: review the GitHub repository and specifically inspect install.sh and any installer scripts; consider cloning locally and reading the code rather than piping to a shell; run installs in a sandbox or disposable environment if possible; ensure any Git remote URL is correct and that you understand what will be pushed; never provide secrets or env vars to the skill — it does not request them. If you are unsure, decline the automated install and perform the steps manually after review.

Like a lobster shell, security has layers — review code before you run it.

latestvk97190jqe4qdjkbcekhwzrdtfs83smft

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments