Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Munger Decision
v1.3.0 · Charlie Munger's mental model decision assistant. Analyzes your decision scenario, recommends the most relevant thinking models, and guides you through struc...
by David (@cdz0451)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description (a decision assistant based on Munger models) align with the code and docs: there are detector, recommender, dialogue and reporter modules and a rich model database. However, the registry metadata says 'instruction-only' / 'no install spec' while the package includes 30+ source files, package.json/package-lock.json, scripts and data. That mismatch is unexpected and should be explained by the publisher.
Instruction Scope
SKILL.md describes only decision-assistant runtime behavior (scene detection, model recommendation, guided Q&A, Markdown report generation) and does not ask to read unrelated system state or credentials. The development section instructs running npm install and tests inside an agent workspace path (/root/.openclaw/...), which is a developer action but could be confusing if executed in a production agent environment.
Install Mechanism
The package has no declared install spec in the registry, yet SKILL.md and project files instruct running 'npm install' and tests. A package-lock.json is present. Running npm install pulls external packages and may run lifecycle scripts (postinstall, prepare) that execute arbitrary code — this is the main practical risk. The absence of a registry install spec but presence of code + package-lock is an inconsistency and increases the chance of accidental execution of third-party code.
Credentials
The skill declares no required environment variables, credentials, or config paths, and the runtime instructions do not request secrets. That is proportionate to a local rule-based decision assistant. Still, because npm install is suggested, the package dependencies should be inspected for any modules that expect or leak credentials.
Persistence & Privilege
The skill does not request 'always: true' and keeps normal invocation defaults. Development docs show file operations within the skill directory (e.g., generating references/models.md, backups of SKILL.md) which are reasonable for a code project but you should confirm the skill will only write inside its own directory and not modify other skills or system-wide agent configuration.
What to consider before installing
This package mostly looks like a legitimate decision-assistant implementation, but there are two things to check before installing or running it in an agent environment:
1) Mismatch: the registry says "instruction-only" / no install, but the bundle contains many source files and a package-lock.json and SKILL.md instructs to run npm install. Ask the publisher why the registry metadata presents it as instruction-only and confirm the intended installation/run steps.
2) Inspect dependencies and scripts: open package.json and package-lock.json and check for any postinstall/prepare scripts or unusual dependencies (personal Git URLs, tarball URLs, or packages with broad permissions). If you must run npm install, do it in an isolated sandbox/container and scan network activity. Prefer to run tests and lints locally in a sandbox first.
Other practical checks:
- Review package.json scripts for lifecycle hooks that execute arbitrary code.
- Grep src/ for network calls (fetch, axios, http, net, child_process/exec), eval, or code that reads paths outside the skill directory (e.g., /root or system config paths).
- Confirm the skill will not require any API keys or credentials for its core functionality.
If you cannot audit the package, run it with restricted filesystem and network permissions (or in a disposable VM) rather than directly in an agent that has access to production data or other skills.
latest: vk976ep9e1pyk9fejj6g6c864dh83zpeh
