ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Venture Delegation

v1.0.0

Opus-level strategic decomposition for any opportunity, project, or task. Breaks work into atomic pieces with evals, assigns each to the cheapest capable mod...

0· 49·0 current·0 all-time
byKairoKid@dodge1218
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (decompose tasks, assign to cheaper models, create atomic tasks with verifiable checks) matches the SKILL.md content. No unrelated credentials, binaries, or installs are requested; the model assignment table and evals are coherent with the stated purpose.
Instruction Scope
Runtime instructions direct the agent to write artifacts (files/URLs), run machine-verifiable evals (test -f, npm run build, curl, grep, screenshots, etc.), and to scaffold code. Those actions are appropriate for a delegation tool but do require filesystem, build-tool, and network capabilities — the skill does not attempt to read unrelated system files or environment variables, but it does give the agent discretion to create/execute project commands.
Install Mechanism
Instruction-only skill with no install spec and no external downloads; nothing will be written to disk by an installer. Lowest-risk install surface.
Credentials
The skill requests no environment variables, credentials, or config paths. Model names are referenced internally but do not imply external credentials. The level of access requested is proportional to the purpose.
Persistence & Privilege
always:false and default autonomous invocation are set. The skill does not request permanent presence or modification of other skills or system-wide configuration.
Assessment
This skill appears coherent, but keep these practical cautions in mind before enabling it: 1) It expects the agent to create files and run build/eval commands (npm, curl, shell tests). Only allow it where you trust those actions — sandbox or restrict filesystem and network access if possible. 2) Generated atoms may run project scripts that execute code. Review atoms and eval commands before permitting execution. 3) The skill routes work to different internal model names (flash, sonnet, etc.) which can incur costs — verify model availability and cost policies. 4) No secrets are requested by the skill, but if you attach it to a workspace with credentials or CI/CD, ensure it cannot access unrelated secrets. 5) If you want tighter control, require manual approval of the atomic task plan before execution.

Like a lobster shell, security has layers — review code before you run it.

latestvk971wv9gcrhk6pg4yrk9p56pt9843gfz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments