Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AetherLang Chef V3

v1.2.0

Michelin-grade AI culinary intelligence. 17 mandatory sections covering food cost, HACCP, thermal curves, allergen matrix, wine pairing, plating blueprint an...

by Hlias Staurou @contrario
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill is an instruction-only api_connector that sends user recipe queries to https://api.neurodoc.app — this aligns with its culinary consulting purpose and it does not request credentials or system access. However, there are inconsistent metadata/homepage values between the two SKILL.md files (omnimusmind.com vs masterswarm.net) and two different version/author annotations, which creates ambiguity about the true publisher and trustworthiness.
Instruction Scope
The runtime instructions explicitly restrict requests to only two fields (code and query) and require user confirmation before sending queries; they state not to include credentials, system prompts, or files. That is good practice, but these are advisory rules in prose — there is no enforcement mechanism in an instruction-only skill. If an agent or integrator fails to implement the safeguards, the external API could receive more context than intended.
Install Mechanism
No install spec or code is included (instruction-only), so nothing will be written to disk or auto-downloaded by the skill itself. This reduces installation risk.
Credentials
The skill requests no environment variables, binaries, or filesystem paths, which is proportionate to an API-backed recipe assistant. There are no declared credentials or privileged config paths.
Persistence & Privilege
Flags show normal defaults (always: false, agent invocation allowed). The skill does not request permanent/system-wide presence or modify other skills. Autonomous invocation is allowed but not combined with other high-risk signals here.
What to consider before installing
This skill appears to do what it says (send recipe queries to an external API) but you should be cautious because: (1) there are conflicting metadata/homepage entries (omnimusmind.com vs masterswarm.net) — verify the publisher and official homepage before trusting it; (2) the skill is instruction-only and relies on the agent to obey its data-minimization rules — confirm the agent implementation will not include system prompts, conversation history, files, or secrets in requests; (3) the external endpoint (api.neurodoc.app) is outside your control — review its privacy policy, TLS certificate, data retention policy, and reputation; (4) test the skill with non-sensitive, dummy queries first and watch outbound network logs to confirm only the intended data is transmitted. If you need higher assurance, ask the publisher for an authoritative repository or signed release and a clear privacy/security contact.

Like a lobster shell, security has layers — review code before you run it.

