ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Model Handoff

v1.0.0

Maintain a HANDOFF.md file in the workspace so context survives seamlessly when switching between LLM models (e.g. Claude → GPT → Gemini). Use when the user...

0· 53·0 current·0 all-time
by@bwiley1989
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (maintain a HANDOFF.md for model-to-model context) matches the provided instructions and there are no unrelated requirements (no env vars, no binaries, no installs).
Instruction Scope
Instructions are explicit about creating/updating HANDOFF.md and when to do so. However, they also tell agents to 'point to credential files' (even while saying 'never inline secrets') and to 'keep current proactively' — this grants agents broad discretion to read the workspace and write context. That behavior is within the skill's purpose but could lead to unintended collection or exposure of sensitive files if not tightly controlled.
Install Mechanism
Instruction-only skill with no install spec or code. No files are downloaded or executed by the skill itself, which minimizes supply-chain risk.
Credentials
The skill requests no environment variables or credentials, which is appropriate. But the template encourages referencing 'credential files' by filename; pointing to credential storage can effectively expose secret locations to other models or agents with disk access. That is a proportionality concern in practice even though no explicit credentials are requested.
Persistence & Privilege
The skill is not always-on and does not request special privileges. However, the guidance to update HANDOFF.md proactively combined with normal autonomous invocation of skills could let an agent autonomously write or modify workspace files frequently. Consider restricting autonomous writes or requiring user confirmation for updates.
What to consider before installing
This skill appears to do what it says (create and keep a HANDOFF.md for switching models), but take precautions before installing/using it: do not store secrets or private data in HANDOFF.md; avoid referencing credential filenames unless those files are tightly access-controlled; require user confirmation before the agent updates HANDOFF.md or disable autonomous writes; limit which agents/models can read the workspace; and review HANDOFF.md changes manually in sensitive projects. If you want the skill to be safer, ask the author to (1) remove instructions that encourage pointing to credential filenames, (2) add an explicit safety rule to never include or reference secrets or private PII in any form, and (3) require explicit user approval before any proactive update to HANDOFF.md. Additional useful info to lower risk: whether the agent platform enforces file-permission isolation and whether skill-driven writes require user confirmations.

Like a lobster shell, security has layers — review code before you run it.

latestvk97amx11htxqdmwe2whnxwxmrn83qngy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments