Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Proposal Service

v1.0.0

Inspect and create real OpenClaw proposals in public.openclaw_proposals for the current closed-loop workflow. Use for checking duplicate pending proposals an...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description match what the script does (read missions, check for duplicates, insert a proposal into public.openclaw_proposals). However, the script implicitly requires the ability to run 'docker exec' against a container named 'supabase-db' and run psql inside it; those runtime needs are not declared in the skill metadata (no required binaries or env vars). Requiring Docker access and container-level exec is a significant implicit dependency.
Instruction Scope
SKILL.md instructs running the included script to check for or create a 'stale_missions_alert' proposal. The script only touches database tables in the public.openclaw_* schema (it reads openclaw_trigger_rules and openclaw_missions and may INSERT into openclaw_proposals), which is consistent with the described purpose. It does not read arbitrary files, contact external endpoints, or exfiltrate data beyond the DB. Still, it performs writes to the real database and raises exceptions when certain conditions are met; this write capability is potentially impactful, and the user should expect it.
Install Mechanism
This is an instruction-only skill with no install spec and a single shell script. No code is downloaded or installed by the skill package itself.
Credentials
The skill declares no required env vars or binaries, but the script hardcodes DB_CONTAINER='supabase-db' and uses 'docker exec' and psql inside the container. It therefore requires Docker access and the presence of a specific container name; that access is effectively a credential-like privilege (the ability to exec into containers) but is not surfaced. AGENT_ID is hardcoded rather than provided as a configurable env var. The undeclared runtime requirements and hardcoded identifiers are out of proportion to what the metadata declares.
Persistence & Privilege
always:false (good). The skill can be invoked autonomously (default), which is normal, but because it performs DB writes when creating proposals, autonomous invocation increases potential impact. The skill does not attempt to modify other skills or system-wide configs.
What to consider before installing
This script will run 'docker exec' against a container named 'supabase-db' and execute SQL that can INSERT into public.openclaw_proposals. Before installing or running:
1) Confirm you run this in a trusted environment where 'supabase-db' is the intended database container and you expect proposals to be created in the live DB.
2) Ensure the agent or user running the skill has Docker privileges you are comfortable granting (docker exec allows container access).
3) Consider running it first in a staging environment, or adjusting the script to accept the DB container, DB user/name, and AGENT_ID via environment variables rather than hardcoded values.
4) Ask the publisher to declare 'docker' (and psql inside the container) as required binaries and to document any permissions needed.
If you do not want automated writes to your production DB, do not enable autonomous invocation for this skill, or avoid installing it.
