Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Ach Volume Estimator
v1.0.0Estimate Dwolla's end-of-month ACH transaction volume from daily KPI emails. Use when processing ACH KPI emails, when Dave asks about monthly volume projecti...
⭐ 0· 65·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
Name/description describe an ACH volume estimator and the included Python forecasting/revenue scripts are consistent with that. However, the SKILL.md explicitly instructs use of a Gmail CLI against glaser.dave@gmail.com, reading/writing files under ~/clawd, and invoking a local dashboard generator and internal IP (192.168.1.60). The manifest declares no required env vars, binaries, or install steps; that is inconsistent with what the skill actually requires to run.
Instruction Scope
Runtime instructions tell the agent to fetch an email (specific account), download a PDF attachment, extract numbers, run local Python scripts, and publish to a local dashboard. These steps read and write files in the user's home (~/clawd/work, revenue_calibration.json), rely on an external Gmail CLI ('gog gmail') and a local dashboard service, and would require credentials/config already present. The instructions do not request or document those credentials or tools.
Install Mechanism
No install spec is provided (instruction-only), yet the package includes multiple Python scripts and the SKILL.md expects them to exist at specific paths (~/clawd/skills/ach-volume-estimator/scripts/ and ~/clawd/scripts/ach-dashboard-gen). This is an incoherence: either the skill must install those files or the instructions should not assume they are present. Lack of an install step means a user could be misled about how these files arrive on disk.
Credentials
The skill does not declare any required environment variables or credentials, but the workflow needs access to a Gmail account (glaser.dave@gmail.com) via a CLI (implying OAuth tokens or local config), and reads/writes sensitive local files (~/clawd/work/*, revenue_calibration.json). It also references an internal IP dashboard. Requesting none of these in the manifest is disproportionate and obscures the actual privileges needed.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide configuration changes. It will run Python scripts and read/write files in the user's ~/clawd area, which is expected for this tool. Note: the skill can be invoked autonomously (platform default); combined with the undeclared credential/file access above, that increases risk and should be considered by the user.
What to consider before installing
This skill appears to implement what its name says, but the SKILL.md and included scripts assume access to resources that are not declared in the manifest: a specific Gmail account (via a 'gog gmail' CLI), local files under ~/clawd (including revenue_calibration.json and the dashboard HTML), and a local dashboard service at 192.168.1.60. Before installing or enabling this skill: 1) verify you trust the skill author and inspect the provided scripts locally (they are included) to confirm there is no hidden exfiltration; 2) be aware you must already have a Gmail CLI configured (or provide credentials)—do not use your primary account; use a least-privileged account or service account; 3) ensure you understand where files will be read/written (~/clawd) and that calibration files may contain sensitive financial data; 4) because there is no install step declared, confirm how/where the scripts will be installed and that they run in a controlled environment (VM/container) if you are unsure; 5) if you plan to allow autonomous invocation, consider restricting it until you confirm the skill's behavior and necessary credentials. If any of the above is unexpected, treat the skill as not ready for production use.Like a lobster shell, security has layers — review code before you run it.
latestvk9707qd423rsrfwdxwydhdesvn84hpzg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.