ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Monet Works Content Pack

v1.0.0

Content quality and compliance tools for financial writing. Automated QA remediation pipeline detects and fixes banned phrases, missing disclaimers, missing...

0· 58·0 current·0 all-time
byRunByDaVinci@clawdiri-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, README and SKILL.md all describe a content QA/humanizer pack; nothing in the provided files asks for unrelated credentials, binaries, or system access, so the declared purpose aligns with the visible content.
!
Instruction Scope
The SKILL.md does not contain runtime commands beyond telling the user/agent to run 'clawhub install' for two included skills (monet-works-content-qa-dv and ogilvy-humanizer-dv). Because the pack delegates functionality to those sub-skills and their manifests/code are not included here, the effective runtime behavior is unknown and could exceed the pack's stated scope.
Install Mechanism
This is an instruction-only pack with no install spec or code files in the bundle (lower immediate disk risk). However, the quick-start directs installation via clawhub for two other skill packages — those external installs are the real install surface and were not provided for review.
Credentials
The pack declares no required environment variables, no credentials, and no config paths. The visible files make no attempt to access secrets. That said, the included sub-skills (not present) could request env vars or credentials, so proportionality cannot be fully verified without them.
Persistence & Privilege
Default privileges (not always:true) and autonomous invocation not disabled — normal for skills. The pack makes no requests to modify other skills or system-wide settings in the provided files.
What to consider before installing
The Monet Works Pack itself is just a manifest that tells you to install two other skills; the immediate bundle contains no code or secrets and matches its stated purpose. Before installing or granting it runtime access, inspect the two referenced packages (monet-works-content-qa-dv and ogilvy-humanizer-dv): review their SKILL.md and any install specs, check for requested environment variables or network endpoints, and confirm no archives are downloaded from untrusted URLs. Prefer packages from known owners, test in a sandbox on non-sensitive content, and only allow automated invocation after you verify the sub-skills' code and permissions.

Like a lobster shell, security has layers — review code before you run it.

latestvk974gdt50d7jk3mmqztxb0yszh83fca6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments