ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Beddel

v0.1.0

Execute declarative YAML AI workflows with branching, retry, multi-provider LLM support, guardrails, and OpenTelemetry tracing via the Beddel Python SDK. Use...

0· 50·0 current·0 all-time
byBota na Rede@botanarede
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill is an instruction-only adapter for the Beddel CLI and correctly requires python/pip and the beddel binary. However the metadata forces a single primary credential (GEMINI_API_KEY) even though the SKILL.md repeatedly describes 'multi-provider LLM support' and says 'any LiteLLM-supported provider' can be used. Requiring GEMINI_API_KEY as the only required env is narrower than the prose suggests and could be either a convenience choice or an unnecessary hard dependency.
!
Instruction Scope
The runtime instructions encourage running arbitrary shell commands via the `tool`/`shell_exec` primitive and include a bundled workflow that automatically installs or reinstalls an OpenClaw plugin (`openclaw plugins install @botanarede/beddel`). The docs also describe a `$env` namespace that reads os.environ (no per-variable restriction), meaning workflows can access arbitrary environment variables. Both the automated plugin-install step and the ability for workflows to reference arbitrary env vars broaden the skill's operational surface beyond simply 'execute workflows' and create real potential for accidental modification of the agent environment or secret exposure.
Install Mechanism
The skill is instruction-only (no install spec) which is lower risk for local code writes. However the provided example workflow instructs the agent to install an external OpenClaw plugin (`@botanarede/beddel`) using the agent's CLI, which causes the agent to modify its own plugin set. That side-effect is not handled by an install spec and could install third-party code without additional vetting.
!
Credentials
The skill declares and requires GEMINI_API_KEY (primary credential). That is reasonable for using the Gemini provider, but the skill claims multi-provider support and its variable-resolution docs explicitly allow reading arbitrary env vars via `$env.<NAME>`. The declared required env list does not reflect the wider capability to read any environment variable at runtime, which makes the single declared credential appear insufficient and potentially misleading. Workflows could read or surface unrelated secrets if crafted or misused.
Persistence & Privilege
The skill does not request always:true and does not explicitly change other skills' configs, but example workflows directly call `openclaw plugins install ...` which modifies the agent's plugin set. This is a significant side-effect (modifies agent environment/plugins) even though it's not represented as elevated 'always' privilege in the manifest.
What to consider before installing
This skill appears to be a reasonable adapter for the Beddel CLI, but exercise caution before installing or granting credentials. Actionable steps to reduce risk: - Do not provide a high-privilege or broadly-scoped GEMINI_API_KEY to an untrusted skill. Prefer a scoped/test key or run within an isolated environment. - Inspect any workflow YAML you run (especially bundled examples). Look for `$env.` uses and remove or audit references to environment variables you don't want exposed. - Be cautious about running the bundled `setup-beddel` workflow: it will call `openclaw plugins install @botanarede/beddel` and thus change the agent's plugins. Verify the plugin source (review @botanarede/beddel repo) before allowing installation. - If you need multi-provider support, confirm how to supply other provider keys (the skill declares only GEMINI_API_KEY). Consider whether you can run beddel CLI directly in a sandbox with only the intended provider credentials present. - Prefer running this skill in an isolated container or ephemeral environment where installing plugins and running shell commands cannot affect sensitive host resources. If you want a more confident assessment, provide the upstream plugin/package source (homepage/repository) for @botanarede/beddel and confirmation whether the skill author intends GEMINI_API_KEY to be mandatory vs. recommended; that would clarify proportionality and trust.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a4cg7mxkwv7g3far7230n7983hf9k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔄 Clawdis
Binspython3, pip, beddel
EnvGEMINI_API_KEY
Primary envGEMINI_API_KEY

Comments