ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Numerology Fortune

v1.2.0

Analyzes your numerology profile using the Pythagorean system. Triggered when users ask about Life Path Numbers, Expression Numbers, and other numerology top...

0· 65·0 current·0 all-time
byeamanc@eamanc-lab
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (Pythagorean numerology) align with the included calculation rules and number-meanings references; requesting birth date and full legal name is expected for the stated calculations.
!
Instruction Scope
SKILL.md explicitly instructs the agent to read this directory's MEMORY.md and fortune-hub/MEMORY.md (if present) and to write the user's date of birth and full legal name into this directory's MEMORY.md. That means the skill will persistently store personally identifiable information (PII) on disk and may reuse previously-cached PII without re-confirmation.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is downloaded or executed beyond agent runtime; low install risk.
Credentials
No environment variables or external credentials are requested (appropriate). However, the skill asks for and persists sensitive PII (full legal name + birth date) which is proportionate to numerology but requires explicit user consent and careful handling.
!
Persistence & Privilege
Although always:false, the skill modifies repo-local state by writing MEMORY.md and reading another repository path (fortune-hub/MEMORY.md). This persistent storage of PII and cross-file reading increases the blast radius (privacy risk) and should be confirmed with the user and audited.
What to consider before installing
This skill appears to do only offline numerology calculations, which fits its description, but it will store and reuse sensitive personal data (full legal name and birth date) in a MEMORY.md file inside the skill repo and may read fortune-hub/MEMORY.md if present. Before installing or invoking: (1) confirm you’re comfortable with the skill saving your PII to the skill directory and decide where that file is stored/backed up; (2) consider asking the skill to never cache or to anonymize data (e.g., use initials or a nickname) if you want less persistence; (3) inspect the repository (including MEMORY.md and the references files) to ensure no unexpected endpoints or secrets are present; (4) require explicit user consent before the skill reads or reuses cached profile data; and (5) remove or redact MEMORY.md if you later want to delete persisted PII. If you need stronger guarantees (encryption, access auditing, or avoidance of persistent storage), do not install until those controls are added.

Like a lobster shell, security has layers — review code before you run it.

latestvk978y71j4d2hxcxrmhwc0mfrr183c8c8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments