ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Monet Works Content Pack

v1.0.0

Content quality and compliance tools for financial writing. Automated QA remediation pipeline detects and fixes banned phrases, missing disclaimers, missing...

0· 44·0 current·0 all-time
byRunByDaVinci@clawdiri-ai·duplicate of @clawdiri-ai/monet-works
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (financial content QA and 'humanizer') align with the SKILL.md and README content. The pack is an aggregator that installs two named included skills; that is a coherent design for a 'pack'.
Instruction Scope
SKILL.md only instructs use of 'clawhub install' to install two included skills. The README describes functionality that would require reading drafts and producing change-report JSON, but those runtime behaviors belong to the included skills (monet-works-content-qa-dv, ogilvy-humanizer-dv), which are not present for inspection. Because the pack delegates rather than containing implementation, the actual instruction scope depends entirely on those unreviewed skills.
Install Mechanism
This is instruction-only with no install spec and no code files in the package. That minimizes direct disk/exec risk from the pack itself. The runtime install commands will fetch other skills via clawhub, which is expected for a pack but moves risk to the fetched packages.
Credentials
The pack declares no required environment variables, binaries, or config paths. However, the included skills (not provided) might request credentials or env vars; that cannot be assessed here.
Persistence & Privilege
Flags are default (always:false, user-invocable:true, agent invocation allowed). The pack does not request permanent presence or elevated privileges itself.
What to consider before installing
This pack itself is an index/installer that tells the agent to install two other skills. The immediate risk from this pack is low, but the real behavior depends on the two included skills (monet-works-content-qa-dv and ogilvy-humanizer-dv), which were not provided. Before installing or using this pack: 1) Inspect the SKILL.md and any code for the two included skills (look for network calls, external endpoints, required env vars like API keys, or commands that read arbitrary files). 2) Verify the provenance of those skills (who published them, repository/homepage, and whether they are signed or reviewed). 3) If you must try it, run the installation in an isolated environment or sandbox and test with non-sensitive sample drafts. 4) Be cautious if the downstream skills ask for secrets or broad filesystem access — those would be disproportionate for a content QA tool. If you can provide the SKILL.md/code for the included skills, I can re-evaluate more precisely.

Like a lobster shell, security has layers — review code before you run it.

ai-detectionvk97486q363y0cf4sjb3s795ewh83qqakcompliancevk97486q363y0cf4sjb3s795ewh83qqakcontentvk97486q363y0cf4sjb3s795ewh83qqaklatestvk97486q363y0cf4sjb3s795ewh83qqakwritingvk97486q363y0cf4sjb3s795ewh83qqak

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments