Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Skill Kit v0.1.0
Claude Code skill management. writer - create new skills [writer.md], lint - validate and fix frontmatter [lint.md], merge - combine related skills [merge.md...
by es6kr@drumrobot
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)

Purpose & Capability
The name/description (skill manager: writer, lint, merge, dedup, convert, trigger, upgrade, route) match the files and operations in the bundle: scanning ~/.claude/skills, creating SKILL.md, copying scripts, generating hooks, and modifying settings.json. Requiring access to local skill/agent directories and hook/settings files is proportionate to a skill management tool.
Instruction Scope
The instructions and included trigger compiler instruct the agent to read and move user files (~/.claude/skills, ~/.claude/agents, .claude/skills), write persistent files (~/.claude/hooks, ~/.claude/data), and edit ~/.claude/settings.json. These are within a skill-manager's remit but are high-impact operations. There are also internal contradictions across docs (e.g., lint says 'remove triggers' / move trigger keywords into description, while trigger.md & trigger-compile.sh define and require a triggers field), and inconsistent backup locations (some docs insist on moving backups to ~/.claude/.bak, while dedup.md uses ~/.claude/skills/.bak). Those contradictions could cause accidental misconfiguration or unsafe behavior.
Install Mechanism
No install spec (instruction-only) — minimal risk from installer. However a shipped script (scripts/trigger-compile.sh) will be executed and writes files. The script expects tools like jq and an existing ~/.claude/settings.json but these dependencies are not declared. The script also appears truncated near the end (syntax issues) — running it as-is may fail or behave unexpectedly.
Credentials
The skill requests no environment variables or external credentials (good). It does, however, require broad local filesystem access to the Claude configuration directories (~/.claude/hooks, ~/.claude/settings.json, ~/.claude/data, ~/.claude/skills, ~/.claude/plugins). That access is consistent with managing skills and hooks but is powerful — consider whether you trust an author that can add persistent hooks or create files under ~/.claude that affect global behavior.
Persistence & Privilege
The trigger compiler auto-generates hook scripts and writes/overwrites ~/.claude/hooks/trigger-*.sh and updates ~/.claude/settings.json. Those changes persist across sessions and can cause global behavior: blocking tool execution, injecting system messages, and suggesting automatic Skill invocations. Although such behavior is coherent for a trigger system, it is high privilege: a malicious or buggy trigger could block tools, inject messages, or force unwanted skill activations. The skill is not marked always:true, but it still requests the ability to modify agent settings and hooks — treat that as a material risk.
What to consider before installing
This package is a legitimate-seeming skill-manager, but it performs powerful, persistent operations (generates hook scripts, edits ~/.claude/settings.json, writes to ~/.claude/hooks and ~/.claude/data). Before installing or running the trigger compile:
1) Review scripts/trigger-compile.sh line-by-line (it expects jq and settings.json and the distributed copy appears truncated/syntactically broken);
2) Back up your ~/.claude/settings.json and ~/.claude/hooks/ directory;
3) Prefer a dry-run mode if available (/skill-toolkit trigger compile --dry-run) and inspect generated scripts before allowing them to be written;
4) Be cautious about the documented contradictions (some docs say remove triggers from frontmatter while others require a triggers field, and backup paths are inconsistent — this can cause accidental re-loading of .bak folders);
5) Only grant this skill write access to your Claude config if you trust the author and have backups.
If you want, I can list the exact lines in scripts/trigger-compile.sh that are risky or help produce a safe dry-run checklist.
latest: vk976bccb11q70g4bqe6zqeby9x8475g8
