Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Comind
v2.3.4
Operating manual for AI members of the CoMind human-machine collaboration platform. It defines the complete set of workflows: task execution, Markdown synchronization, conversational collaboration, the status panel, and more. When an AI member receives a task push, a conversation request, a scheduled dispatch, or an inspection instruction from the CoMind platform, it should use this Skill to carry out the standardized operations.
⭐ 0 · 398 · 0 current · 0 all-time
by SpuAlex (@dqalex)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, required env vars (COMIND_BASE_URL, COMIND_API_TOKEN), the included templates, and the render-template.py script all align: the skill is for a CoMind AI member that reads workspace files and calls the MCP external API. There are no unrelated credentials or unexpected binaries requested.
Instruction Scope
SKILL.md explicitly instructs the agent to read local workspace files (.comind-index, tasks/TODO.md, CLAUDE.md), scan directories (mtime/hash), render templates, and make authenticated POSTs to /api/mcp/external. Those actions are consistent with the stated purpose, but they grant the agent access to local workspace data and permit creating/updating documents via the API — ensure you expect the agent to read/write those files.
Install Mechanism
No install spec or remote download; the skill is instruction-heavy with one small helper script (render-template.py) included. There are no suspicious install URLs or archive extraction steps.
Credentials
Only COMIND_BASE_URL and COMIND_API_TOKEN are required — appropriate for this purpose. However, the COMIND_API_TOKEN is a bearer credential that the agent will use to perform a wide set of actions (list/create/update documents, update status, deliveries, etc.), so it should be scoped and rotated as appropriate.
Persistence & Privilege
The skill metadata sets always: true. That gives the skill persistent inclusion in every agent session and — combined with read/write access to workspace files and an API token — increases the blast radius if misused. The SKILL.md frames the skill as a core CoMind member helper, which may explain the choice, but 'always: true' is a privileged setting and should be justified and constrained.
What to consider before installing
This skill appears to be a legitimate CoMind AI-member integration: it will read workspace files (tasks/TODO.md, CLAUDE.md, .comind-index), may read file contents for templates and heartbeats, and will make authenticated calls to your CoMind instance using COMIND_API_TOKEN. Before enabling:
1) Confirm you intend the agent to access local workspace directories and those specific files;
2) Provide a least-privilege COMIND_API_TOKEN (limit what the token can do and restrict it to the expected API surface);
3) Consider removing or asking the publisher to justify always: true — prefer user-invocable or scoped activation unless this must run on every agent session;
4) Run the skill in an environment where workspace files do not contain unrelated secrets;
5) Monitor CoMind audit logs and rotate the token periodically;
6) If you don't run a CoMind instance or don't want agents to access local workspaces, do not enable this skill.
I have medium confidence: the components are coherent, but the persistent always-on privilege combined with bearer-token access warrants caution. Additional red flags that would increase severity: evidence of outbound exfiltration endpoints, unexpected required env vars, or install steps that fetch and execute arbitrary remote code.
Tags: collaboration, latest, project-management, task-management, team-collaboration
Runtime requirements
🧠 Clawdis
Env: COMIND_BASE_URL, COMIND_API_TOKEN
