Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Wonda

v1.0.0

Using the Wonda CLI to generate images, videos, music, and audio from the terminal — plus LinkedIn, Reddit, and X/Twitter research and automation

by Degaus AI (@degausai)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Posts externally
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious

OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill claims to be a Wonda CLI integration for media creation and social automation. The SKILL.md, however, instructs users to provide a WONDERCAT_API_KEY (and implicitly to provide platform credentials for publishing/scraping) and to install a CLI — none of these credentials or install actions are declared in the registry metadata. Requesting social platform automation/publishing normally requires platform tokens (not declared).
Instruction Scope
Runtime instructions tell the agent to install a remote script, run the wonda CLI to scrape social platforms and publish content, and to set a base URL. The doc permits arbitrary scraping/publishing commands and instructs setting WONDERCAT_BASE_URL (including pointing to localhost or another host), which could cause the CLI to send data to an arbitrary endpoint. The instructions also reference opening a browser for login and storing API keys via config.
Install Mechanism
Although the registry lists no install spec, the SKILL.md recommends installing with `curl -fsSL https://wonda.sh/install.sh | bash` (high risk: piping remote script to sh). Homebrew and npm alternatives are listed but without verification or links to source code. The presence of an unverified remote installer in the runtime instructions is a significant install risk.
Credentials
The instructions require WONDERCAT_API_KEY and allow setting WONDERCAT_BASE_URL, yet the skill metadata declares no required environment variables or primary credential. Additionally, publishing/scraping social platforms will likely require unrelated platform credentials (X/Twitter, LinkedIn, Reddit), which are not declared. The ability to point the CLI at an arbitrary base URL increases the risk of credential/data exfiltration.
Persistence & Privilege
The skill does not request always:true and is user-invocable only, which is normal. However, the CLI commands include `wonda config set` and `wonda auth login`, which may persist API keys or tokens to local config files. That persistence is expected for a CLI, but combined with the ability to change the base URL it raises the potential for persistent, redirected data flows.
What to consider before installing
Do not assume this skill is harmless. Before installing or using it:
(1) Do not run curl | bash on an unknown domain; prefer installing from a verified package source and inspect the installer.
(2) Ask the publisher for a homepage, source code repository, and a clear list of required environment variables and credentials.
(3) Treat WONDERCAT_API_KEY and any social-platform tokens as sensitive — only provide them after verifying the vendor and preferably using least-privilege/test accounts.
(4) Be wary of setting WONDERCAT_BASE_URL to arbitrary hosts; that setting could redirect your CLI to a malicious server and leak credentials or content.
(5) If you need to evaluate this skill, request a reproducible, auditable install method (e.g., a GitHub repo or official package) and review the code or package contents before running.
If vendor details remain unknown or you cannot inspect the installer, consider this skill high-risk and avoid installing it in production or on machines with sensitive credentials.


latest · vk97e7bvzrendk5jygxnsandy1h84px0m
