Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
yapp
v1.0.3Receive and engage with transcribed voice memos from Yapp, a voice journaling app, capturing raw, unedited speech-to-text recordings with metadata.
⭐ 0· 59·0 current·0 all-time
by@earu723
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md requires the user's Yapp API key (starts with "yapp_") and instructs saving it to config so the agent can poll an API for transcripts. However, the registry metadata lists no required credentials or primaryEnv. The endpoint used (yyy-production.up.railway.app) is not an obvious official Yapp domain and there is no homepage or provenance information. Requesting an API key is plausible for the described purpose, but the absence of that requirement in metadata and the unknown host are inconsistent and suspicious.
Instruction Scope
Runtime instructions direct the agent to poll GET https://yyy-production.up.railway.app/api/transcripts/new?since=<ISO_TIMESTAMP> with a Bearer token on every heartbeat and to 'store any facts, preferences, or commitments' from transcripts. The doc also contradicts itself (it tells the agent to 'notify the user with a brief summary' but later says 'Don't summarize unless asked'). The skill tells the agent to persist the API key to its config (unspecified location/retention). Polling on every heartbeat plus persistent storage of a bearer key and storing user statements raises privacy and data-retention concerns.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so it does not write new binaries or download archives. That reduces some risk. However, the network endpoint used for fetching transcripts is a railway.app host (a 3rd-party hosting platform) rather than a clear official Yapp domain, which reduces provenance confidence.
Credentials
The SKILL.md expects a Yapp API key and persistent storage, but the registry lists no required env vars or primary credential. Asking for a single service token is proportionate to the described function, but the skill's metadata failing to declare that credential and instructing persistent storage of the secret is a mismatch and a red flag. No other environment variables are requested.
Persistence & Privilege
The skill is not 'always: true' and is user-invocable (normal). However, it explicitly instructs saving the API key to config and polling on every heartbeat, which implies ongoing/continuous access if enabled. Persistent credentials plus autonomous invocation increase the potential blast radius — consider this when deciding whether to enable it long-term.
What to consider before installing
This skill asks you to give and let it store a Yapp API key and then continuously poll an endpoint hosted on yyy-production.up.railway.app for transcripts. Before installing: 1) Verify the skill's provenance and confirm the endpoint is an official Yapp service (ask the author for documentation or an official domain). 2) Request that the skill metadata be updated to declare the required credential (so it's clear what will be stored). 3) Ask where and how the API key and transcripts will be stored, how long data is retained, and whether transcripts or extracted facts are sent anywhere else. 4) If you proceed, limit the token's permissions, treat it as sensitive (rotate it if you stop using the skill), and consider disabling autonomous invocation or the skill when not needed to avoid continuous access. If you cannot confirm the endpoint or author identity, do not provide your API key.Like a lobster shell, security has layers — review code before you run it.
latestvk97f3hw3aavc6d3j78xpss22b98451v3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.