Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
Name/description claim 'AI, hardware, open-source, frontier tech analysis', but SKILL.md focuses on local visit features (geographic distance, queue status, reservation channels, parking, community photos). These capabilities do not align and there's no justification for the extra scope.
Instruction Scope
Instructions ask the agent to use geographic information, community review metrics, real-time queue and reservation data, and return electronic ticket numbers, but they do not specify data sources, APIs, endpoints, or how to obtain that data. The prose is vague and could lead the agent to query external services or request user location/credentials without clear limits.
Install Mechanism
No install spec and no code files are present (instruction-only). This minimizes on-disk risk and there is nothing being installed by the skill itself.
Credentials
The skill declares no required environment variables or credentials, yet the tasks described (real-time queues, reservations, map/navigation, community reviews) typically require APIs, location access, or service tokens. The absence of declared credentials is inconsistent and could lead to unexpected prompts for user location or third-party credentials at runtime.
Persistence & Privilege
The skill does not request always:true, does not modify configs, and has no install artifacts. It therefore does not request elevated persistence or system-wide privileges.
What to consider before installing
This skill's description says it's for tech news, but the instructions read like a local visit/queue/reservation assistant — ask the author to clarify the intended purpose. Before installing or using it: (1) verify what external data sources or APIs it will call and where data comes from, (2) refuse to provide credentials (API keys, account tokens) unless the developer documents why they're needed and how they'll be used, (3) be cautious about sharing your location or electronic ticket numbers, and (4) if you expected tech news, do not install until the mismatch is resolved.
Like a lobster shell, security has layers — review code before you run it.
latest vk978zzvrajxn557h8bc29gxp45834bqe
