Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Privacy Concierge

v1.0.0

Personal AI assistant that monitors your online privacy, calculates exposure scores, automates data broker opt-outs, tracks breaches, and offers privacy advice.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
SKILL.md claims Supabase storage, Telegram messaging, LLM inference, and email sending, and lists GROQ_API_KEY, SUPABASE_URL & SUPABASE_ANON_KEY, and TELEGRAM_BOT_TOKEN as required. The registry metadata, however, declares no required environment variables; this mismatch is a red flag. Also, config.json includes a default local LLM (llama-3.3-70b-versatile) while SKILL.md asks for a GROQ_API_KEY for inference, which is inconsistent. Requesting a SUPABASE_ANON_KEY for a component that performs writes/DSARs may be insufficient or inappropriate (writes usually require a privileged key). Overall, some requested capabilities make sense for the described functionality (Supabase for memory, Telegram for alerts), but the declared requirements and runtime assumptions do not align.
! Instruction Scope
SKILL.md describes web search, Supabase read/write, and email opt-outs and states data stays only in Supabase. It does not describe reading local filesystem data. Yet the bundle contains tools/read.js — a generic file-read helper that can synchronously read arbitrary files by path. That capability is not documented and could be used to access local secrets or sensitive files. SKILL.md also mentions 'email sending' but does not declare any SMTP or email-provider credentials needed. Proactive unprompted messaging (cron/webhooks) is also described but not operationally constrained.
Install Mechanism
This is instruction-only with no install spec, which is lower-risk in that nothing is downloaded during install. However, the skill includes a code file (tools/read.js) that will run inside the agent environment when invoked; any included code will execute at runtime even without an install step. There is no third-party package download or obscure URL involved.
! Credentials
SKILL.md requests GROQ_API_KEY, SUPABASE_URL & SUPABASE_ANON_KEY, and TELEGRAM_BOT_TOKEN — these map to LLM inference, storage, and messaging and are plausible. However: (1) the registry metadata lists no required env vars (incoherent); (2) SUPABASE_ANON_KEY is typically a low-privilege key and may not be appropriate for write/delete operations (DSARs/opt-outs could require a service role key); (3) GROQ_API_KEY conflicts with the local default_model in config.json; and (4) email-sending is described but no SMTP/API keys are requested, suggesting an undocumented external dependency. The presence of a generic file reader increases the risk that environment secrets or local credentials could be accessed if the skill is misused.
Persistence & Privilege
always is false (no forced persistent inclusion), and disable-model-invocation is false (normal autonomous invocation allowed). The skill states it can proactively message users (cron/webhooks). Autonomous invocation combined with messaging and access to external services (Supabase/Telegram) increases blast radius if the skill misbehaves, but on its own this is an expected capability for this type of assistant.
What to consider before installing
Do not install or provide secrets yet. Ask the publisher for clarification and fixes first:
1) Explain why the registry metadata lists no env vars while SKILL.md requires GROQ_API_KEY, SUPABASE_URL/SUPABASE_ANON_KEY, and TELEGRAM_BOT_TOKEN; update registry metadata to match.
2) Remove or restrict tools/read.js (or replace it with a limited-purpose API) — a generic file-read helper can be used to access local secrets and is unnecessary for the described features.
3) Clarify which Supabase key is required; for deletions/DSARs a service-role key is more likely needed (and is sensitive); prefer least privilege and explicit guidance on key scope.
4) Explain how email sending is implemented and which credentials are required (SMTP/API keys) and update SKILL.md.
5) Ask for the upstream source or homepage and a code audit; run the skill in a sandbox with monitored network access before giving it real credentials.
If you must try it, create dedicated, limited-permission test credentials (test Supabase project, Telegram bot scoped to a test chat, and a throwaway LLM key) and do not reuse any production secrets.

Like a lobster shell, security has layers — review code before you run it.

latestvk9746c4k227hxthyts6m05e94581s893