Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Curator

v1.0.0

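OpenClaw's master dispatch Skill. When a user sends a message in the format 「【keyword】URL」 in Discord, this Skill is triggered automatically: it checks whether a Skill for that keyword already exists → extracts the URL content → appends to or creates a knowledge Skill → pushes to the GitHub skillhub repository.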

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md describes cloning a GitHub repo and pushing changes and requiring GITHUB_TOKEN and MINIMAX_API_KEY, but the registry metadata lists no required environment variables or primary credential. The skill also hardcodes a default repo (github.com/eeyan2025-art/skillhub.git), which is unexpected if a user expects changes to go to their own repo.
Instruction Scope
Runtime instructions tell the agent to fetch arbitrary URLs, extract content (including audio/video analysis), create or modify SKILL.md files, and push commits to a remote GitHub repo. Extracting arbitrary remote content and then pushing it to a repo controlled by another account (or unspecified repo) broadens the scope beyond simple local processing and can cause unwanted data exfiltration or copyright/consent issues.
Install Mechanism
Instruction-only skill with no install spec or bundled code, so nothing is written to disk by an installer. Lowest installation risk from packaging/hosts perspective.
Credentials
SKILL.md requires GITHUB_TOKEN (repo push rights) and MINIMAX_API_KEY, but the skill metadata declared no required env vars. Requesting a token with push access is proportionate to pushing changes, but the hardcoded external repo and missing metadata declaration are mismatches. A broad-scope GITHUB_TOKEN would let the skill modify any repos the token can access—this is sensitive and should be scoped and confirmed by the user.
Persistence & Privilege
Skill is not flagged always:true and has no install-time persistence. Autonomous invocation is allowed by default; combined with a push-capable GITHUB_TOKEN this increases risk (agent could autonomously push changes), but autonomous invocation alone is normal.
What to consider before installing
Before installing or enabling this skill:
1) Confirm which GitHub repository it will push to — do not provide a token with broad repo access; prefer a token scoped to a single test repo you control or use a deploy key.
2) Verify why registry metadata omits required env vars (GITHUB_TOKEN, MINIMAX_API_KEY) and ask the publisher to correct metadata.
3) Understand that the skill will fetch arbitrary URLs and may commit extracted content; avoid giving it access to sensitive data and consider requiring explicit user confirmation before any git push.
4) If you must test, use a throwaway GitHub account/repo and limited-scope token, and review generated SKILL.md locally before allowing pushes to production repos.
5) If the hardcoded default repo is not yours, do not provide push credentials until the repo target is changed to a repository you control.

Like a lobster shell, security has layers — review code before you run it.
