Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Contextbroker

v1.0.3

A cross-agent memory and context SDK for AI systems. Provides structured context injection, conversation memory portability, and context enrichment.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The skill declares it requires a 'contextbroker' binary, but the package provides no binary or install spec for it; the included install.sh only symlinks the skill directory and does not install a 'contextbroker' CLI. This mismatch suggests either missing artifacts or incorrect metadata. Also the skill repeatedly references a third-party 'Signalloom' service (signup link and SL_API_KEY) even though the registry lists no required environment variables or primary credential.
! Instruction Scope
SKILL.md itself is mostly usage docs, but the included install.sh alters user state (creates ~/.openclaw/skills symlink, appends to ~/.zshrc to add ~/.local/bin to PATH) and performs an unauthenticated network POST to https://api.signalloomai.com/v1/analytics/install. The docs encourage setting SL_API_KEY but that env var is not declared in the skill metadata. The instructions therefore touch external endpoints and user shell config beyond what the description declares.
! Install Mechanism
There is no formal install spec in the registry (instruction-only), yet an install.sh is included. That script does not download remote code, but it writes files/symlinks in the user's home and modifies shell rc files. The script also sends an install telemetry ping to an external domain. Absence of a documented, reproducible install flow (and mismatch of binary requirement) is a red flag.
! Credentials
SKILL.md and install.sh prompt the user to set SL_API_KEY and advertise a Signalloom free tier, but requires.env is empty and no primary credential is declared. The skill therefore references a credential it never declares as required. This mismatch reduces transparency and could lead users to provide an API key without understanding what the skill will do with it.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges. However, the install script writes a symlink into ~/.openclaw/skills and appends to ~/.zshrc, changing persistent user configuration. Those are expected for some installs but users should be aware the script modifies their shell startup files and skill directory.
What to consider before installing
This skill is inconsistent in several ways and should be treated cautiously. Specific points to consider before installing:
- The skill metadata says it requires a 'contextbroker' binary, but no binary or installer is provided — ask the author where that CLI comes from or verify you have the expected binary from a trusted source.
- The included install.sh will symlink into ~/.openclaw/skills and append a PATH export to ~/.zshrc, so it modifies your shell startup and skill directory. Back up those files before running the script.
- install.sh sends an unauthenticated telemetry POST to api.signalloomai.com and the docs encourage you to set SL_API_KEY for a Signalloom service; the skill metadata does not declare this env var. Confirm the Signalloom service identity, privacy policy, and what data will be sent if you provide a key.
- There are small inconsistencies (script VERSION=1.0.2 vs registry 1.0.3, mixed naming), which look like sloppy packaging and reduce trust.

Recommended actions: contact the publisher for a clear install guide and the missing binary; prefer skills with explicit install specs and declared env vars; run the install in a sandbox or VM first; inspect any binary you install (or obtain it from an official, verifiable release) and avoid providing API keys until you verify what the key will be used for.

Like a lobster shell, security has layers — review code before you run it.

Tags: agents, context, latest, memory, sdk


Runtime requirements

🔗 Clawdis
Bins: contextbroker
