ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Task Experience Summaries

v1.0.0

Experience summaries for OpenClaw tasks, including common installation problems, troubleshooting steps, and best practices for packages, configurations, and...

0· 622·1 current·1 all-time
by@dawai2005
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (task experience summaries and troubleshooting) align with the SKILL.md content. The file contains guidance on installation, common errors, configuration, and documentation templates — all consistent with the stated purpose.
Instruction Scope
Instructions are documentation-style: example shell commands, environment-variable patterns, and troubleshooting steps. They do not instruct the agent to read unrelated system files or exfiltrate data. The SKILL.md does reference setting/checking API keys (TAVILY_API_KEY, OPENAI_API_KEY) but only as examples relevant to configuration troubleshooting.
Install Mechanism
There is no install spec and no code files — this is instruction-only. Nothing will be written to disk by the skill itself. The SKILL.md mentions npm install commands as examples a user might run; that is expected for this documentation role.
Credentials
The skill does not declare any required env vars, but the documentation mentions common API keys (TAVILY_API_KEY, OPENAI_API_KEY) as examples. This is proportionate for troubleshooting docs, but users must avoid pasting secrets into untrusted places when following instructions. No unexpected or unrelated credentials are requested by the skill itself.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request permanent presence, nor does it modify other skills or system-wide settings. Autonomous invocation is allowed by default but is not combined with other high-risk factors here.
Assessment
This skill is a documentation/troubleshooting guide and appears internally consistent. It won't install or run code by itself, but it recommends commands (e.g., npm install -g clawhub) and mentions API keys. Before following any commands: verify the package and registry (don't install unknown global npm packages as root), confirm the provenance of tools like 'clawhub' and 'tavily' (check official sites or GitHub repos), and never paste secret keys into untrusted pages or tools. Note that the skill's source/homepage is missing — if you want stronger assurance, ask the publisher for a repository or official homepage to verify origins before using their recommended binaries or registries.

Like a lobster shell, security has layers — review code before you run it.

latestvk977tme57kgdjgsj1bfxy5sn6d81946d

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments