Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Akashic Report Generator

v1.0.0

Generate comprehensive reports on any topic using multi-agent AI collaboration. Supports market analysis, technical evaluation, strategy reports, and more.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, and the declared tools (mcp:akashic:generate_report, deep_research, generate_chart) align with a multi-agent report generator; there are no unrelated binaries, env vars, or install steps requested.
Instruction Scope
The SKILL.md instructs the agent to call platform tools for generation and research, but it sets 'skip_compliance: true' by default (unless user requests compliance), which explicitly directs the agent to bypass safety/regulatory checks. The instructions are vague about where 'deep_research' pulls data from, what sources are trusted, and what external endpoints receive data — leaving significant scope for data leakage, generation of noncompliant content, or undisclosed external queries.
Install Mechanism
Instruction-only skill with no install spec or downloaded artifacts; nothing is written to disk and there are no external installers to review.
Credentials
No environment variables or credentials are requested (proportionate), but the skill depends on opaque 'mcp:akashic' platform tools. Because those tools are external and not described here, it's unclear what credentials or network access they will use at runtime — the lack of provenance increases risk even though no vars are requested in the skill itself.
Persistence & Privilege
'always' is false and the skill does not request persistent system-wide changes. The agent can invoke it, which is normal; combined with the instruction to skip compliance, that invocation path is the main risk context, rather than persistence or privilege escalation.
What to consider before installing
This skill appears to do what it says (generate reports) but has two red flags you should consider before installing:

- The SKILL.md tells the agent to use skip_compliance: true by default. That explicitly instructs the tool chain to bypass compliance or safety checks unless the user asks otherwise — this can allow generation of regulated, sensitive, or unsafe outputs without guardrails. Ask the author to remove that default (require explicit consent to skip compliance) or to make compliance checks the default.
- The skill relies on opaque 'mcp:akashic' tools (generate_report, deep_research, generate_chart) but provides no provenance, homepage, or information about those services. Before using, ask: Where do these tools run? What data sources do they query? Do they send data to external endpoints? Are queries logged or stored? What credentials (if any) will the platform use? Without answers, you cannot audit what data might be transmitted or retained.

Other practical steps:

- If you need to use it, test with non-sensitive example data first.
- Request the author/publisher identity, homepage, and documentation for the Akashic MCP so you can verify data handling and retention policies.
- Prefer an explicit opt-in for skipping compliance and ask that the skill provide source citations and provenance for 'deep_research' results.

Given the instruction-level directive to bypass compliance and the lack of provenance for external tools, treat this skill as suspicious until the author can justify those choices and provide transparency.

Like a lobster shell, security has layers — review code before you run it.

Tags: analysis, latest, multi-agent, report, writing
