Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to provide real‑time queue/booking status, accurate navigation, and community photos/reviews — capabilities that normally require access to mapping, reservation, or review APIs (and possibly the user's location). However, the skill declares no dependencies, environment variables, or APIs. That mismatch makes it unclear how the skill would legitimately deliver the promised features.
Instruction Scope
SKILL.md lists outputs (real‑time queue, electronic ticket numbers, precise navigation, community photos) and says it will 'combine geographic information and review community trends', but the instructions are high‑level and do not specify data sources, consent handling, or how to obtain user location. This vagueness could lead the agent to request personal location or to reach out to third‑party services without explicit configuration.
Install Mechanism
No install spec and no code files (instruction‑only). This is low risk from an installation/execution perspective because nothing will be downloaded or written by the skill itself.
Credentials
The skill requires no environment variables or credentials, which is consistent with its instruction‑only form, but inconsistent with the claimed real‑time, API‑backed functionality. If the skill is expected to access mapping, booking, or review services, it should declare required API keys or explain how data will be retrieved.
Persistence & Privilege
Default privileges (not always enabled, user‑invocable, model invocation allowed) are set. There are no flags requesting permanent or elevated presence.
What to consider before installing
This skill is mostly a high‑level spec rather than an implemented integration. Before using or trusting it: (1) ask the publisher how it obtains real‑time queue, booking, and navigation data and what external services/APIs it uses; (2) verify the skill's source or homepage and prefer skills that declare required API keys and permissions; (3) be cautious if the agent asks for your precise location or any API credentials — do not share secrets unless you understand why and trust the owner; (4) test with non‑sensitive, hypothetical queries first and monitor any requests that attempt to access personal data or external accounts.Like a lobster shell, security has layers — review code before you run it.
latestvk97bxvkfd403242qtzvzdqtz8s83fmy2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.