Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Wander
v1.0.5
Monitor any async task that takes time and needs completion notification — CI, builds, deploys, releases. Use when the user triggers any long-running async t...
⭐ 0 · 65 · 0 current · 0 all-time
by @erergb
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The stated purpose (monitor long-running async tasks via GitHub Actions) aligns with the instructions to use the gh CLI and to watch GH workflow runs. However the registry metadata declares no required binaries or env vars while SKILL.md requires 'gh' and 'jq' and suggests macOS notifications — a clear mismatch. The skill also asks users to clone a remote repo and add executables/aliases to their shell, which is more than a pure instruction-only skill would normally require.
Instruction Scope
SKILL.md instructs the agent/person to clone and execute scripts from an external GitHub repo, to add PATH/WANDER_HOME/aliases to shell rc, to auto-start background monitoring after many triggers (git push, PRs, gh workflow run, eas build wrappers), and to read repo files (.workflows.yml, .github/workflows/) and local logs (~/.wander_logs/). The auto-triggering behavior is broad and the instructions give the agent wide discretion to start background processes; the SKILL.md also assumes authenticated gh CLI access and instructs fetching logs which can expose repository output. The instructions therefore broaden scope beyond a simple monitor and permit persistent background activity and file access.
Install Mechanism
There is no formal install spec in the package, but the SKILL.md directs users/agents to git clone https://github.com/ERerGB/wander.git into ~/code/wander and chmod +x *.sh. Cloning an external repository and executing its scripts is moderate-to-high risk because the remote code is not pinned to a verified release or signature. The source is GitHub (not an arbitrary IP), which is typical, but the package provides no guidance on verifying commit hashes or reviewing the scripts before running them.
Credentials
The registry lists no required env vars or credentials, yet SKILL.md expects an authenticated gh CLI (implicitly using the user's GitHub credentials) and a WANDER_HOME path and offers macOS-specific notification behavior. The lack of declared prerequisites (gh, jq) and the implicit reliance on the user's existing GitHub auth token are mismatched and disproportionate; the skill would read and act with the user's repository-level access without declaring that dependency in metadata.
Persistence & Privilege
Although 'always' is false, the instructions explicitly tell the agent to auto-start background watchers after many common triggers and to persist logs in ~/.wander_logs/ and make PATH/alias changes in shell rc. That grants persistent system presence and automatic background activity if followed. The package itself doesn't install these files automatically (it's instruction-only), but following its install steps would create persistent artifacts and ongoing watchers on the user's machine.
What to consider before installing
This skill intends to monitor GitHub Actions, which is reasonable, but it has several red flags: (1) SKILL.md asks you to git-clone and execute scripts from an external GitHub repo — review the repo and the scripts before running them. (2) The package metadata fails to declare required binaries (gh, jq) and OS caveats; treat gh as a required credential since it uses your existing authenticated GitHub access. (3) The skill recommends adding PATH/WANDER_HOME and aliases and creating background/detached watchers and logs — these are persistent changes. Before installing: inspect the remote repository (prefer a pinned commit or signed release), audit watch-*.sh scripts for any network or data-exfiltration behavior, avoid granting broad automatic agent triggers (disable auto-start or opt out), and consider running the scripts in a sandbox or CI runner rather than on a machine with sensitive credentials. If you need help, ask the publisher for a release tarball with checksum and a minimal, reviewable install path that documents exactly what will be written to disk and what credentials are used.
Like a lobster shell, security has layers — review code before you run it.
latest: vk973acvf53srjcm0t3m7qgapnd83q5eq
