Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Jupiter Quote
v1.0.0
Provides curated quotes about the planet Jupiter for educational or reference purposes upon request.
by Andrew Boehner (@boehner)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description (providing curated quotes about Jupiter) imply a simple, read-only capability that would not need credentials or installs. However the shipped SKILL.md is a generic authoring template with TODOs and contains no content or runtime instructions implementing that purpose, so the advertised capability is not actually present.
Instruction Scope
SKILL.md contains only template/authoring guidance and no concrete runtime directives (no commands, no data sources, no allowed endpoints, no sample requests/responses). Because it gives no explicit scope, an implementing agent or future edit could add broad network access or file reads; the current file does not constrain or describe what the skill will do at runtime.
Install Mechanism
There is no install spec and no code files. That minimizes risk from downloads or installs but also means the skill currently does nothing.
Credentials
The skill requests no environment variables, credentials, or config paths — consistent with a read-only quote provider. There is no disproportionate credential request in the metadata.
Persistence & Privilege
always is false and the skill is user-invocable; model invocation is allowed (default) which is normal. The skill does not request persistent presence or system modifications in its metadata.
What to consider before installing
This package is a placeholder/template rather than a working skill. Do not install it as-is if you expect a functioning 'Jupiter Quote' provider. Before installing, ask the publisher to provide a completed SKILL.md that clearly states: 1) where quotes come from (embedded/local file, included assets, or a named external API), 2) exact runtime steps the skill will perform, 3) any network endpoints it will call and any credentials it will require, and 4) sample inputs and outputs and licensing/attribution for quotes. If the skill will call external services, insist those endpoints and required environment variables be declared in the metadata. If you must use it now, only do so after confirming it does not fetch arbitrary web content or access sensitive files/credentials. Because the current file is empty, the main risk is uncertainty about future behavior — treat it as untrusted until clarified.
Like a lobster shell, security has layers — review code before you run it.
