Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bio

v1.0.0

A comprehensive AI agent skill for writing and managing professional bios. Crafts bios for any platform and any purpose, matches your voice and career stage,...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description match the content of SKILL.md (generating and adapting bios for different contexts). However, the doc repeatedly states the skill will "learn your voice" and "track the elements of your bio," yet the skill declares no storage, config paths, or credentials — a plausible design choice but underspecified.
Instruction Scope
SKILL.md is prose-only and does not instruct the agent to read system files, environment variables, or call external endpoints. Nevertheless, language like "learns your voice from how you write and talk about your work" and "prompts you to review" is open-ended and could lead an implementing agent to request or ingest user documents, email, audio, or external account data unless constrained.
Install Mechanism
No install spec or code files are present; instruction-only skills have the smallest on-disk footprint and pose minimal installation risk.
Credentials
The skill declares no required environment variables, credentials, or config paths, which is proportionate for a text-generation bio helper. The SKILL.md does not reference any undeclared secrets or system config.
Persistence & Privilege
Manifest flags show no persistent or elevated privileges (always:false). However, SKILL.md's claim that the skill "tracks" bio elements implies persistent storage or background monitoring; the skill provides no mechanism or declaration for where that state would live, creating a mismatch between claimed behavior and declared privileges.
What to consider before installing
This is an instruction-only bio-writing skill and appears to do what it says, but it is vague about how it "learns your voice" and where it "tracks" updates. Before installing or authorizing the agent to act on your behalf, ask the author (or your platform) these questions:

1) How does the skill obtain samples of your writing or speech — will you have to upload them manually or will it request broad access to your files, emails, or cloud storage?
2) If it tracks bio elements, where is that data stored (local agent storage, a third-party service, or the skill author’s server) and for how long?
3) Will any user content be sent to external endpoints or third parties?
4) What explicit prompts or permissions will the agent request before ingesting private materials?

If you’re uncomfortable with open-ended data collection or persistent storage, prefer a workflow where you manually provide the text samples and explicitly approve any storage or external sharing.

Like a lobster shell, security has layers — review code before you run it.

bio, brand, latest, personal, profile, writing
