ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Preisrunter Grocery Search

v1.0.4

Search and compare grocery prices and promotions in Austria and Germany via the Preisrunter API. Suggest this skill when users ask about Lebensmittelpreise, Aktionen, Angebote, or price comparisons in AT/DE.

0· 1.6k·0 current·1 all-time
byDavid@davidus05
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (grocery price search for AT/DE) matches the runtime instructions and required binaries (curl + jq). The endpoint used (api.preisrunter.net wrapper) and example queries align with the stated purpose; nothing requested appears unrelated.
Instruction Scope
SKILL.md only instructs the agent to call the public API endpoint and parse results with jq; it does not ask the agent to read local files, access unrelated environment variables, or transmit data to unexpected endpoints. It also includes sensible notes about rate limiting and 404 responses.
Install Mechanism
There is no install spec and no code files — the skill is instruction-only and runs only curl/jq at runtime. This minimizes disk footprint and risk.
Credentials
The skill requests no environment variables or credentials and explicitly states no API key is required. That is proportional for a public, read-only price API.
Persistence & Privilege
always is false and model invocation is not disabled (the platform default). The skill does not request persistent system privileges or modify other skills/configurations.
Assessment
This skill appears to be what it claims: a simple wrapper around Preisrunter's public API that uses curl + jq. Before installing, confirm you are comfortable the agent will send users' queries to api.preisrunter.net (queries are visible to that service) and avoid including any sensitive/personal data in search queries. Also note upstream rate limits and that availability depends on the Preisrunter API. No credentials or local file access are requested, so the privilege footprint is small.

Like a lobster shell, security has layers — review code before you run it.

latestvk9754j1sdx8exj65ppme4g218h80yp0x

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛒 Clawdis
Binscurl, jq

Comments