Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Contractor Marketing Cowork Plugin

v1.0.0

Cowork Plugin: AI marketing department for contractors and home service businesses. 12 slash commands + 6 background skills for SEO, ads, social media, propo...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto: Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (contractor marketing) align with the commands, background skills, and connectors. Browser automation for GBP, Ads, Mailchimp, Buffer, etc., is consistent with the listed features.
Instruction Scope
Runtime instructions direct the agent to read a saved business-profile.md and to automate browser flows for many account-based services (Google Business Profile, Meta Ads, Mailchimp, Buffer, etc.), which is coherent for this plugin. However, SKILL.md includes an explicit curl against a Supabase REST endpoint with an embedded API key (in clear text). That means the skill will query a third‑party server automatically when generating content — potentially sending user search queries and receiving strategy data — without any declaration in requires.env. The presence of a hard-coded key and an external project domain is unexpected and should be verified.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing will be written to disk by an installer. Low install risk from the platform perspective.
Credentials
The skill requests no environment variables or credentials (it relies on browser automation and the user's existing sessions), which is proportionate. But the embedded Supabase URL and apikey in SKILL.md are effectively an undeclared credential and an outbound dependency. A hard-coded secret pointing at an external endpoint is not what a user would expect to find in plain text in an instruction file.
Persistence & Privilege
always:false (normal). The skill asks the agent to save and read a local business-profile.md, which is expected behavior for a profile-driven marketing plugin. There is no request to modify other skills or system settings.
What to consider before installing
- Embedded external API call: SKILL.md contains a curl to a Supabase project (dmlybcnpwtnaadmapdhl.supabase.co) with an apikey parameter in clear text. Ask the author what that key is (public/anon vs service role), who controls that Supabase project, and what data is sent there. If you rely on private business data, you should not have it sent to an unknown third party.
- Browser automation: The skill relies on 'computer use' flows to open Google Business Profile, Meta Ads, Mailchimp, Buffer, etc. That will use whatever browser/session the agent runs with. Make sure you are comfortable with the agent using your logged-in accounts and require explicit confirmation before posting or publishing.
- Local profile file: The plugin saves business-profile.md and other outputs in the current directory. Do not include highly sensitive PII (social security numbers, payroll data, bank credentials) in that file. Store it in a location you control and review its contents.
- Least privilege & confirmations: Where possible, use limited-access accounts for integrations and verify the plugin always asks for confirmation before taking irreversible actions (publishing, creating ad campaigns, posting reviews, sending emails).
- Ask for changes: Prefer that the API key be removed from SKILL.md and replaced with a documented, auditable integration pattern (your own API key, OAuth, or a server-side integration under your control). If the Supabase endpoint is required, ask the author to explain the data retention, access control, and whether the key is read-only.
- Monitoring & rollback: After enabling, audit outgoing requests and scheduled tasks for a short trial period. If you see unexpected outbound traffic to unfamiliar endpoints, uninstall and rotate any exposed credentials.
Why suspicious, not malicious: The skill's behavior matches its stated marketing purpose, but the hard-coded third‑party API key and automatic external queries are unexpected and could expose user queries or profile data — this is a legitimate risk that needs clarification before trusting the plugin.
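The two checks the report asks you to make by hand (which hosts a SKILL.md reaches out to, and whether an embedded Supabase key is an anon or a service_role key) can be scripted before you install. The following is an added example written for this page, not code from the plugin or from ClawHub. It assumes the user supplies the list of hosts the skill is allowed to contact (the page mentions a requires.env declaration but not its format, so an explicit allowlist stands in for it), and it relies on the fact that Supabase anon and service_role keys are JWTs whose payload carries a role claim. The SKILL.md excerpt and the key are constructed for the example; only the hostname is taken from the scan report.

```python
import base64
import json
import re
from typing import Optional


def _b64url(obj: dict) -> str:
    """Base64url-encode a JSON object without padding (JWT segment encoding)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_fake_jwt(role: str) -> str:
    """Build a structurally valid but UNSIGNED stand-in for a Supabase API key.

    Real Supabase anon/service_role keys are JWTs whose payload carries a
    ``role`` claim; this fabricated token copies only that shape. The
    signature segment is a placeholder, so it proves nothing about validity.
    """
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iss": "supabase", "ref": "example", "role": role}
    return f"{_b64url(header)}.{_b64url(payload)}.fakesignature"


FAKE_ANON_KEY = make_fake_jwt("anon")

# Constructed SKILL.md excerpt standing in for the flagged plugin's file.
# The host is the one named in the scan report; the curl command text and
# the key are fabricated for this example.
SAMPLE_SKILL_MD = f"""---
name: contractor-marketing
---
## Generating content

Fetch the current strategy before drafting:

curl "https://dmlybcnpwtnaadmapdhl.supabase.co/rest/v1/strategies?select=*" \\
  -H "apikey: {FAKE_ANON_KEY}"
"""

CURL_RE = re.compile(r"\bcurl\b[^\n]*")
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)[^\s'\"]*")
# Matches both a ?apikey=... query parameter and an "apikey: ..." header value.
APIKEY_RE = re.compile(r"apikey[=:]\s*([A-Za-z0-9._-]+)", re.IGNORECASE)


def jwt_role(token: str) -> Optional[str]:
    """Return the ``role`` claim from a JWT-shaped token, or None if it is not one.

    Only the payload is decoded; the signature is not checked. The claim tells
    you which key type the author embedded (anon vs service_role), not what
    the server will actually allow.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:
        return None
    return claims.get("role") if isinstance(claims, dict) else None


def audit_skill_md(text: str, declared_hosts: set) -> list:
    """Flag curl invocations that reach undeclared hosts or carry an embedded apikey."""
    # Join backslash-continued lines so a multi-line curl is inspected as one command.
    joined = re.sub(r"\\\n\s*", " ", text)
    findings = []
    for match in CURL_RE.finditer(joined):
        cmd = match.group(0)
        hosts = URL_RE.findall(cmd)
        for host in hosts:
            if host not in declared_hosts:
                findings.append({"kind": "undeclared_host", "host": host, "command": cmd})
        for key in APIKEY_RE.findall(cmd):
            role = jwt_role(key) or "unknown"
            findings.append({
                "kind": "embedded_key",
                "role": role,
                # A service_role key bypasses row-level security on Supabase;
                # an anon key is meant to be public but still ties the agent
                # to a project the user does not control.
                "severity": "high" if role == "service_role" else "medium",
                "host": hosts[0] if hosts else None,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_skill_md(SAMPLE_SKILL_MD, declared_hosts=set()):
        print(finding)
```

Run it against the real SKILL.md (read the file into `audit_skill_md` in place of the constructed sample) with your own host allowlist. An `embedded_key` finding with role `service_role` is the case to treat as a blocker; an `anon` key is the public key type but still means every generated piece of content triggers a request to a project the author controls, which is the point the report makes. Keys that are not JWT-shaped come back as `unknown` and have to be checked with the author.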


latest: vk972z27fjzyb614ta5vfrckda1847dz5
