Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
HokiPoki
v1.0.0
Switch AI models without switching tabs using the HokiPoki CLI. Hop between Claude, Codex, and Gemini when one gets stuck. Use when the user wants to request help from a different AI model, hop to another AI, get a second opinion from another model, switch models, share AI subscriptions with teammates, or manage HokiPoki provider/listener mode. Triggers on: 'use codex/gemini for this', 'hop to another model', 'ask another AI', 'get a second opinion', 'switch models', 'hokipoki', 'listen for requests'.
License
MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The declared purpose — routing tasks to other AI models via a CLI — aligns with the runtime instructions (hokipoki request/register/listen). However, the docs reference other tools' token file locations (~/.codex/auth.json, ~/.gemini/oauth_creds.json) and recommend sharing subscriptions and team workspaces. That is plausible for a peer-to-peer provider, but those references broaden the skill's scope beyond its own CLI, and how those tokens are read, stored, and transmitted should be confirmed before use.
Instruction Scope
Instructions direct the agent/user to send specific files, directories, or the whole repository (hokipoki request --all) to remote peers and to auto-apply returned patches to the local git repo. They also advise editing other tools' config files (e.g., ~/.codex/config.toml) and enabling a provider listen mode that accepts inbound requests. These steps legitimately implement the stated feature, but they also mean transmitting potentially sensitive repo contents, modifying local configs, and writing remote-supplied changes into the working tree, which amounts to letting a peer author code on your machine. Each of these should be explicitly consented to and audited.
Install Mechanism
Although the registry contains no install spec, the SKILL.md tells users to run `npm install -g @next-halo/hokipoki-cli`. Installing a global, third-party npm package from an unknown author/scope is a meaningful risk: lifecycle scripts such as preinstall/postinstall run arbitrary code at install time with the installing user's privileges, and a global install places executables on PATH. No homepage, source repo, or package provenance is provided in the skill metadata to validate the package.
Credentials
The skill declares no required env vars, but the docs reference token locations for multiple toolchains and describe sharing AI subscriptions and workspaces. That implies access to credentials stored on disk and potential use of those credentials for outbound or inbound requests. The combination of repo uploads, known token locations, and provider/listen mode raises the chance of accidental credential exposure or unintended sharing of sensitive files.
Persistence & Privilege
The provider/register and listen workflows create a long-running listener on the user's machine that auto-triggers re-auth and executes incoming tasks (claimed to run in containers, which the scan could not verify). While the skill is always:false (not force-installed), running as a provider grants persistent network exposure and the ability for peers to execute work on your machine, a significant privilege that should only be enabled on a well-audited, isolated host.
What to consider before installing
Before installing or running this skill, verify the hokipoki CLI's source: find the npm package's repository, inspect its code, and confirm who maintains it. Don't run provider/listen on your main machine; use an isolated VM or disposable host if you must accept inbound requests.

Be cautious with --all or with including whole directories: sensitive files (credentials, private keys, .env, internal configs) can be uploaded. Double-check .gitignore, confirm the CLI actually honors it when assembling a request, and manually exclude secrets. Avoid installing global npm packages from unknown scopes without review.

If you plan to act as a provider, confirm exactly how tokens are used and stored, whether API keys ever leave your machine in any form, and test the container isolation yourself; don't assume claims like 'LUKS-encrypted Docker containers' are enforced.

If you need to proceed but want lower risk:
(1) audit the npm package source;
(2) run hokipoki only as a requester, not as a provider;
(3) run it inside an isolated container/VM;
(4) never include secrets in requests.

Like a lobster shell, security has layers — review code before you run it.
Version: latest (vk979x8p2xj0kabmetpdb5j0p9s7zzrz6)
