Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OPC Insight Generation
v2.2.1Generates personalized insights and actionable recommendations from journal entries, patterns, and milestones to guide user decisions and highlight opportuni...
⭐ 0· 62·0 current·0 all-time
by@coidea
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description align with the code: the modules read journal entries, analyze patterns, and write summaries/recommendations. However, the code imports packages under src.* that are not included in the skill bundle (missing dependencies), so the package is incomplete and will likely fail unless those libraries exist in the agent environment. The repeated sys.path insertions are odd but not directly dangerous.
Instruction Scope
SKILL.md explicitly describes reading journal entries, searching memory, and writing insights; the scripts do exactly that (reading a journal.db via SQLiteStorage, reading/writing JSON summaries and recommendation files). SKILL.md also lists 'external_data' sources (GitHub, revenue metrics) but the code does not show how those sources are accessed or what credentials would be required — that's an ambiguity to clarify. Overall the instructions stay within the stated purpose, but the skill reads/writes local files and database paths configured by the user.
Install Mechanism
There is no install spec (instruction-only + code files); nothing is downloaded or executed at install time. This lowers supply-chain risk. The main runtime risk is from the included Python code when executed in the agent environment.
Credentials
The skill requests no environment variables or external credentials (good), but it constructs filesystem paths from customer_id and config values (e.g., customers/{customer_id}/insights or config-provided paths) without sanitizing them. If untrusted inputs are passed into customer_id or config paths, the skill could read or write arbitrary files. Also the code depends on external src.* modules not present in the bundle; that mismatch is a proportionality/consistency issue that must be resolved before trusting the skill.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request elevated platform privileges or change other skills' configurations. It writes files only under configurable storage paths, which is expected behavior for this type of skill.
What to consider before installing
This skill appears to do what it says — read journal entries and produce insights — but take these steps before installing or enabling it: (1) Note the bundle is incomplete: it imports several src.* modules that are not included. Ask the author for the missing library code or run in a controlled environment. (2) Treat config values carefully: the skill builds filesystem paths from customer_id and config settings with no sanitization. Ensure you set journal_storage/storage paths to a dedicated safe directory and avoid untrusted customer_id values (no '../' or absolute paths). (3) Because it reads/writes a local SQLite DB and JSON files, test it in a sandbox or with non-sensitive data first. (4) Clarify the 'external_data' integration mentioned in SKILL.md — what connectors and credentials are required and where data is sent. (5) If you proceed, review or request the missing src.* modules (JournalManager, SQLiteStorage, InsightGenerator, RecommendationEngine, logging utils) and the logging implementation to confirm there are no hidden network calls or credential leaks. If you cannot obtain or verify those modules, treat the skill as untrusted and do not run it against real journals or production data.Like a lobster shell, security has layers — review code before you run it.
latestvk975446axcndmf6k6f0mcc64nh83mxm7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.