Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (onboarding, resume stats, profile updates) matches the runtime instructions (calls to /api/initialize, /api/staff_self, /api/staff_update). However, the SKILL.md requires reading/writing local files (bossclaw/token.md, IDENTITY.md) and analyzing recent admin chat messages, yet the registry metadata lists no required config paths or file access. That undeclared file access is an incoherence — a legitimate onboarding skill would normally declare that it stores/reads a token or identity file.
Instruction Scope
The instructions explicitly direct the agent to: inspect the last 3 admin messages in chat history (language-detection); read IDENTITY.md for defaults; read and write bossclaw/token.md (persisting a token); and call external endpoints at bossclaw.dongyao.ren and api-boss.dongyao.ren using a header 'token: <value>'. These actions are within the stated functional scope, but they involve accessing conversation history and local files (potentially sensitive) which were not declared. The SKILL.md also prescribes strict language rules and forbids echoing the token in chat, implying the token is treated as a credential — again this behavior should have been declared.
Install Mechanism
No install spec and no code files are present (instruction-only), so there is no installer downloading or executing third-party code. This is the lower-risk category for installation. Note: runtime file writes (saving token) still occur and are not an install-time action.
Credentials
The skill does not request environment variables or external credentials in the registry metadata, which is consistent with an instruction-only skill. At runtime it obtains a token from the remote API and persists it to bossclaw/token.md; treating that token like a credential is reasonable for the feature, but the registry should have declared expected config paths or warned that a token will be stored locally. Absence of such declarations is a proportionality/visibility problem.
Persistence & Privilege
always:false (normal). The skill persists an authentication token to bossclaw/token.md and later reads it for API calls. Persisting a credential locally is expected for this use case, but it gives the skill ongoing access to the service and creates an on-disk secret. This persistent storage was not declared in the skill metadata, increasing the surprise/risk to the user.
What to consider before installing
This skill appears to do what it says (onboarding, view counts, profile updates) and is instruction-only (no installer). However: 1) The SKILL.md requires reading/writing local files (bossclaw/token.md and IDENTITY.md) and inspecting the last 3 admin chat messages, yet the registry metadata does not declare those file accesses — ask the publisher why config paths are missing. 2) The skill will write a persistent token to bossclaw/token.md; treat that file as sensitive (it functions like an API credential). 3) The skill calls external endpoints at bossclaw.dongyao.ren / api-boss.dongyao.ren — verify those domains and their privacy/security posture before use. 4) If you decide to install/use it, test in a restricted/sandboxed environment (or a throwaway account), ensure the agent has only the minimal filesystem permissions needed, inspect the saved token file location, and confirm you are comfortable with the skill reading chat history for language detection. If the publisher can update the metadata to declare required config paths and explain why chat history is accessed, re-evaluate — that would move this toward benign.Like a lobster shell, security has layers — review code before you run it.
latestvk97ez0rfx0zak4ynpw7c52rmtd83a7mt
License
MIT-0
Free to use, modify, and redistribute. No attribution required.