Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Renatus Icm
v2.1.4
Manage Renatus event campaigns by setting up landing pages, running email blasts, handling guest registrations, exporting leads, and syncing unsubscribes.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Verdict: Suspicious (high confidence)
Purpose & Capability
The code files and documentation align with the skill's stated purpose (event pages, email batches, Supabase lead export, CDP‑based registration/delete). However the registry metadata claims no required environment variables or binaries while the SKILL.md and scripts clearly expect many credentials (Renatus, Supabase tokens, SMTP/gws) and external tools (Playwright/CDP, gws CLI). That metadata mismatch is a coherence issue that should be resolved.
Instruction Scope
Runtime instructions and scripts perform browser CDP connections to http://127.0.0.1:9222 and read localStorage and document.cookie to obtain session tokens/XSRF tokens for Renatus. This is necessary for automated browser registration but can expose any other site cookies/localStorage present in the same browser profile. The skill's docs tell you to use a dedicated profile (good), but the scripts also search for config.json in parent directories (config_loader) which may read local files with secrets. The SKILL.md explicitly asks for high-privilege Supabase keys and instructs deletion actions (renatus_delete_lead.py) — these are within the claimed feature set but are high‑impact operations and should be used with dry‑run and least-privilege keys.
Install Mechanism
There is no install spec in the registry (instruction-only install), but the code imports Playwright and expects external tools (gws CLI, Chrome/Brave with remote debugging). The absence of declared dependencies/binaries is inconsistent with the code and can lead users to run scripts without proper sandboxing. No remote downloads or obscure URLs were observed (good), but the missing dependency/install documentation is a practical risk.
Credentials
The SKILL.md requests multiple credentials relevant to the feature set (RENATUS_USERNAME/PASSWORD, SUPABASE_URL, LEAD_ADMIN_TOKEN, SUPABASE_SERVICE_ROLE_KEY, SENDER_EMAIL/SENDER_PASSWORD). Those are functionally necessary for Renatus + Supabase integration, but SUPABASE_SERVICE_ROLE_KEY and LEAD_ADMIN_TOKEN are high‑privilege credentials (service role and admin export). The doc recommends not using a production service_role_key, but requiring those high‑privilege secrets increases the blast radius — prefer least‑privilege anon/export tokens and keep service_role usage offline or restricted.
Persistence & Privilege
The skill does not request 'always: true' and does not declare autonomous privilege beyond normal agent invocation. Scripts operate on local files and call Supabase/Renatus endpoints; there is no indication they modify other skills or global agent settings. This is appropriate for the functionality offered.
What to consider before installing
This package looks like a real toolkit for running Renatus campaigns, but there are notable red flags you should address before using it:
- Metadata mismatch: the registry lists no required env vars or binaries, but SKILL.md and the scripts require many secrets and external tooling. Treat that as a warning: ask the publisher (or inspect the repo) for a clear install/requirements manifest.
- Sensitive credentials: do NOT supply production SUPABASE_SERVICE_ROLE_KEY or other admin keys. Create least-privilege tokens (read-only anon or a narrowly scoped export token) and test in a separate Supabase project.
- CDP/browser access: the scripts connect to Chrome/Brave remote debugging and read localStorage/cookies. Use a dedicated browser profile with only the Renatus session, on an isolated machine if possible. Otherwise other site cookies/sessions could be exposed.
- Verify dependencies and run in a sandbox: install and run the code in a disposable VM or container, and ensure Playwright and the gws CLI are the official packages you expect. The package does not provide an install spec — add one or manually audit dependencies.
- Safe testing practices: run destructive scripts (renatus_delete_lead.py) with --dry-run first; rotate any credentials used for testing; keep SMTP accounts send-only and limited.
- Source provenance: the skill source/homepage is unknown. If you cannot verify the author's identity or vet the code thoroughly, prefer not to run it against production data. If you decide to proceed, limit credentials, isolate the environment, and review the scripts (especially CDP extraction and any network calls) before giving access.
If you provide the publisher/source URL, or a clear requirements/install manifest, I can re-evaluate and lower concerns accordingly.
Version: latest (vk971y4yxxm8ffrympa1nd2j4218477pv)
