ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Assignment Check

v1.0.0

Check use's assignment folder and extracts and read uses assignment question files and tell user the deadline and how long approximately to finish them.

0· 298·0 current·0 all-time
by@b1llysh1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description (check assignment folder, read PDFs, report deadlines and time estimates) align with the SKILL.md instructions to scan course folders and read PDF assignment files.
!
Instruction Scope
The SKILL.md explicitly instructs the agent to access a specific absolute path (/Users/billyshi/Desktop/Waterloo) and to read PDF files there. The skill does not declare required config paths or document that it needs filesystem access. Reading arbitrary user files is sensitive and should be declared and limited.
Install Mechanism
There is no install spec and no code files; this is instruction-only, so nothing will be written to disk during install. That lowers install-related risk.
!
Credentials
No environment variables or credentials are requested, which is good, but the skill implicitly requires filesystem access to a user directory. The absence of declared required config paths (or a prompt to ask the user for the folder) is inconsistent with the instructions and reduces transparency about what will be accessed.
Persistence & Privilege
The skill does not request persistent/always-on presence and uses normal autonomous invocation defaults. It does not attempt to modify other skills or system-wide settings.
What to consider before installing
Before installing or enabling this skill, consider the following: (1) It will read files under the hardcoded path /Users/billyshi/Desktop/Waterloo—confirm this is the folder you want the agent to access. (2) Prefer a version that asks you for the folder at runtime or declares required config paths instead of hardcoding an absolute user path. (3) If you care about privacy, test the skill on a dummy folder with sample PDFs first to confirm it only extracts deadlines and does not transmit sensitive content elsewhere. (4) If you enable it, make sure your agent runtime only grants file-read access to the intended folder (not your whole home directory). (5) If possible, ask the skill author to document exactly what data is read, how it is used, and whether any data is sent to external services.

Like a lobster shell, security has layers — review code before you run it.

latestvk9744g28r7ckee5jdpqpbv9gdd82hvmk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments