ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

tulisai

v0.1.0

Use when managing BangunAI Blog content, automating blog workflows, and writing MDX articles with BangunAI conventions. Supports Obsidian-like features (callouts, mermaid, LaTeX, wikilinks, backlinks, graph view).

0· 807·0 current·0 all-time
by@dwirx
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (BangunAI blog MDX workflows) matches the SKILL.md, EXAMPLES.md, README.md and INTEGRATION.md. All requested actions (create/update daily notes, create posts, append logs, verify index, git mv/rm) are coherent with a content-manager skill. No unrelated credentials, unusual binaries, or unrelated services are requested.
Instruction Scope
The runtime instructions explicitly read and write files under /home/hades/BangunAI-Blog (create MDX files, overwrite about/now with cat >, append logs, git rm/mv, find/grep). Those operations are consistent with the stated purpose, but several example scripts are destructive (overwrite files with shell here-docs, remove files with git rm). The instructions use absolute paths (/home/hades/...) rather than a configurable, relative project path, which may cause unexpected writes if the environment differs. Agent-run destructive commands should be reviewed before execution.
Install Mechanism
Instruction-only skill with no install spec and no bundled code. Nothing is downloaded or written by an installer, minimizing install-time risk.
Credentials
No environment variables, credentials, or external service tokens are required. All operations are local-file oriented and proportionate to a blog management workflow.
Persistence & Privilege
always:false (not force-included). The skill can be invoked autonomously by the agent (platform default). Combined with the skill's file-write and git commands, autonomous invocation could modify local content without your interactive approval — this is expected behavior for a local content-management skill but worth considering in your policy for autonomous actions.
Assessment
This skill appears to be what it says: a local BangunAI blog content manager. Before installing or allowing it to run autonomously, check these points: 1) Confirm the BLOG_ROOT path — SKILL.md uses an absolute path (/home/hades/BangunAI-Blog). If your blog is elsewhere, update the path or run in a safe test workspace. 2) Back up your repo (git commit / branch) — example scripts use 'cat >' (which overwrites files) and 'git rm' (deletes tracked files). 3) If you permit autonomous execution, restrict the agent so it must ask before running any destructive commands, or review suggested shell commands before execution. 4) There are no external network calls or credential requests, but the skill will modify local files — treat it like any automation that writes to your repo. If you want higher assurance, run the example scripts manually the first time in a disposable copy of your project.

Like a lobster shell, security has layers — review code before you run it.

latestvk97atszknmh8rebxed9308s09d811ryz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments