Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Fix Behavior
v0.1.1
User behavior correction skill. Triggered by "fix:" prefix feedback (e.g., "fix: why didn't you commit?"). Analyzes the mistake, improves the relevant rule/s...
byes6kr@drumrobot
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description ('Fix Behavior' that improves rules/skills/hooks) matches the SKILL.md: the instructions explicitly search for and modify skill, rule, hook, and documentation files. That capability is coherent with the stated purpose, but the scope of files targeted (e.g., ~/.claude/skills/, ~/.agent/rules/, settings.json hooks) is broad and not enumerated in the skill metadata.
Instruction Scope
SKILL.md instructs the agent to grep/glob through agent config directories and to edit scripts, skill files, rules, hooks, and settings.json. It directs building/testing/running and to 'fix' current issues. These are concrete I/O and mutation actions across agent configuration and other skills, but there are few guardrails: edits can be wide-ranging, the 'skill-toolkit upgrade' procedure is referenced but not provided, and the instructions allow direct script/topic edits. The instructions therefore grant broad discretion to change system state without clear limits or explicit user confirmation steps.
Install Mechanism
No install spec and no code files (instruction-only). This minimizes supply-chain risk because nothing is downloaded or written by an installer. The primary risk comes from the instructions themselves, not from any installation step.
Credentials
Metadata declares no required env vars or config paths, yet the runtime instructions reference and require access to specific local config paths (e.g., ~/.claude/skills/, .claude/rules/, settings.json). Those paths may contain other skills, tokens, or sensitive configuration. The skill asks to modify other skills/rules/hooks — that level of access is high relative to a simple behavior-correction description and is not constrained or justified in the metadata.
Persistence & Privilege
The procedure explicitly tells the agent to modify persistent artifacts (skills, rules, hooks, settings) which will change agent behavior going forward. While modifying agent config can be legitimate, this skill instructs edits to other skills/rules and global hooks without explicit limits or mandatory user approvals. That capability is a long-lived privilege (can change future agent behavior) and should be treated cautiously.
What to consider before installing
This skill instructs the agent to search and edit agent configuration, other skills, rules, hooks, and settings.json — actions that change future agent behavior and can touch sensitive files. Before installing or enabling it, consider: (1) Require the skill metadata to explicitly list/configure the exact paths it will read and write; (2) Require explicit, per-change user confirmation (show diffs and ask before applying edits); (3) Back up relevant configuration directories (e.g., ~/.claude/, ~/.agent/) so you can revert changes; (4) Prefer that the skill only suggest code changes rather than applying them, or limit it to the skill's own files rather than modifying other skills; (5) Ask the publisher for the 'skill-toolkit upgrade' procedure referenced in the docs and for provenance (who authored/published this skill). Because the instructions allow wide, persistent changes without clear guardrails, treat this skill as risky unless you can verify and constrain what it will modify.
Like a lobster shell, security has layers — review code before you run it.
latest vk974g3b8gvvy3485vehy2shkf18456w0
