Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Sales Dashboard
v1.0.0
Aggregate sales data from OKKI CRM and Campaign Tracker to generate weekly/monthly reports with alerts and push them to Discord.
by Jaden's built a claw (@cjboy007)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, high confidence
Purpose & Capability
The description says it pulls from OKKI CRM and optional local files and pushes to Discord, which matches the scripts' high-level behavior. However, config/dashboard-config.json contains absolute paths into another user's workspace (e.g. /Users/wilson/.openclaw/workspace/xiaoman-okki/...) and references other skill workspaces (campaign-tracker, follow-up-engine, etc.). The skill did not declare any required environment variables or credentials, yet the code expects and will read other projects' config/token files. Accessing unrelated workspace paths is disproportionate to the stated purpose and unexpected.
Instruction Scope
The SKILL.md instructs running the included node scripts, but the scripts read arbitrary local files and environment variables beyond what's documented: they load .env (ENV_PATH), look for OKKI client/config files and token.cache in an OKKI_WORKSPACE, and reference other skills' scripts/dirs. They also write snapshots, logs, and token cache files. The SKILL.md does not disclose these filesystem accesses or that it will read other skills' project files, which is scope creep.
Install Mechanism
There is no external install step or remote download; this is an instruction-only skill with bundled JS files. That lowers install risk (no remote code fetch), but the included code will run on the host and access local files when invoked.
Credentials
The registry metadata shows no required env vars or credentials, but the code loads a .env, honors OKKI_WORKSPACE/ENV_PATH environment variables, and reads OKKI API config (which may include clientId/clientSecret) and a token cache. The skill can therefore read secrets from local config files without declaring them. It also writes token.cache into the referenced OKKI workspace, giving it write access into other project areas — this is disproportionate and surprising given the declared requirements.
Persistence & Privilege
always:false (normal), but the scripts create and update files: data/snapshots, data/latest.json, logs/, reports/, and importantly OKKI_TOKEN_CACHE inside the referenced OKKI_WORKSPACE. That means the skill can modify files in other workspaces if paths resolve, giving it a persistent footprint outside its own directory. Autonomous invocation is allowed by default (not flagged alone) and would increase blast radius given the file-access behavior.
What to consider before installing
Before installing or enabling this skill:
- Inspect config/dashboard-config.json and any referenced OKKI client/config files. The config contains absolute paths to /Users/wilson/... and other skill workspaces — if those exist on your system the skill will read them (and may read credentials inside).
- Treat the skill as requiring access to local secrets even though no env vars are declared: it loads .env files and OKKI API config (which can contain client_id/client_secret) and will request tokens from the OKKI token endpoint.
- If you do not want it to access other projects, change OKKI_WORKSPACE and ENV_PATH environment variables (or sanitize the config) to point to a safe location, or remove/replace absolute paths in config/dashboard-config.json before use.
- Because the collector writes a token cache and logs into the referenced OKKI workspace, run the skill in an isolated environment (container or dedicated account) if you cannot fully audit the referenced files.
- Consider requesting the publisher to: 1) remove hard-coded absolute paths, 2) declare required env vars/credentials in registry metadata, and 3) make explicit what external files it needs and why. If you can't verify those changes, avoid giving this skill autonomous invocation or run it only manually with dry-run options.
If you want, I can: point out the exact lines that read/write external paths, help create a sanitized config, or suggest a safe sandbox command to run the scripts for testing.
latest: vk9722bs1vypy22v0shhf3s0pqx83q511
