Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description say 'home layout / decor / traffic flow', but SKILL.md focuses on geographic filters, social popularity, real‑time queue/booking info and navigation — content reads like a local business discovery or reservations tool, not a home-layout assistant. This is a clear mismatch.
Instruction Scope
The SKILL.md asks for return fields such as real-time queue status, electronic ticket numbers, navigation paths and community photo galleries but provides no guidance on how to obtain those (no APIs, endpoints, or data sources). The instructions are vague and grant broad discretion to ‘combine geographic info and community popularity’, which could lead the agent to access external services or user location without declared constraints.
Install Mechanism
Instruction-only skill with no install spec and no code files — low install surface and nothing written to disk.
Credentials
The skill declares no environment variables or credentials, yet requests real‑time data (queues, reservations, navigation) that would typically require external API keys or user location. This mismatch is noteworthy: either the skill is incomplete (missing declared data sources/credentials) or it expects the agent to fetch data from unspecified places.
Persistence & Privilege
always:false and no special persistence or system config writes. Autonomous invocation is allowed by default but not combined with other privilege red flags here.
What to consider before installing
Do not install solely based on the name. Ask the publisher to clarify intended purpose and to align SKILL.md with that purpose. Specifically request: (1) whether this is a home-design tool or a local business/reservation helper, (2) exactly which external APIs or data sources it will call, and (3) any environment variables or credentials it will require. Prefer only installing after the author adds explicit data-source endpoints and justifies any credentials. Because the SKILL.md is vague, test the skill in a sandboxed environment and avoid granting sensitive credentials or broad data access until the mismatch is resolved.Like a lobster shell, security has layers — review code before you run it.
latestvk97d0sq7cheszqnrk3xp9vhw6h83fnr5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.