Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OMNI — All-In-One Master Skill

v1.0.0

The all-in-one master skill — unified interface for every capability domain. Use when the user asks for anything that spans multiple domains or when no singl...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (an all-in-one router) aligns with the included references covering many domains. That breadth reasonably explains why the SKILL.md references many tools and workflows. However, many reference files show example integrations that require external credentials and platform-specific CLIs (Google Calendar/Gmail via 'gog', Slack/Discord skills, IMAP/SMTP tools, cloud providers, etc.) while the skill declares no required environment variables or primary credential. It's plausible a router would defer credential handling to other skills, but the lack of any declared expected credentials is worth noting.
! Instruction Scope
The SKILL.md and references explicitly direct the agent to read and write local memory files (memory/mistakes.json, decisions.json, daily logs), to 'read the code in the workspace' for debugging, and to run CLI/network verification commands (curl, sqlite3, pip/npm commands) as part of anti-hallucination and precision protocols. Those instructions give the skill the ability to access arbitrary workspace files, execute shell commands, and perform network calls. While these actions can be necessary for a multi-domain assistant, they also expand the surface for accidental data exposure or destructive actions unless additional guards are enforced (explicit confirmations, masking of secrets, avoid destructive commands by default).
Install Mechanism
This is instruction-first with no install spec, so nothing is downloaded or written by an installer. That keeps install-time risk low. There is a scripts/router.sh file included (present in the manifest), which should be reviewed because instruction-only skills that include runnable scripts can still cause runtime effects if executed.
Credentials
The skill declares no required env vars or credentials, which reduces upfront privilege requests. However, the references and examples show many operations that typically require API keys, OAuth tokens, or mail/calendar credentials. Expect the skill to ask for or attempt to use credentials at runtime via other platform skills. The manifest not declaring expected credential names is not necessarily malicious but reduces clarity and increases the chance the agent will request sensitive tokens ad hoc — the user should be prepared to deny/provide credentials carefully.
Persistence & Privilege
always:false (no forced global inclusion) and disable-model-invocation:false (normal autonomous invocation) are reasonable. The skill's 'Perfect Memory' and 'Brain' protocols instruct writing persistent logs to memory/*.json, so it will create/append local files by design. This is expected for a router skill, but users should review what gets logged (the references claim to avoid logging secrets). There is no indication the skill modifies other skills' configs or requests system-wide privileges.
What to consider before installing
This skill is intentionally broad and functions as a router across many domains; that explains much of its wide I/O and network behavior, but also raises the risk that it will read workspace files, write persistent logs, run shell commands, and request external service credentials at runtime. Before installing:
1) Inspect scripts/router.sh (and any included scripts) to confirm there are no unexpected execs or external endpoints.
2) Decide a policy for credentials: only provide OAuth/API keys on a per-task basis, and prefer scoped, revocable tokens.
3) Ensure the platform will prompt you before destructive actions (deletes, installs, posts, financial ops).
4) Verify memory/ logging paths (memory/*.json) don't capture secrets; if needed, configure or sandbox the skill's storage location.
5) If you need tighter guarantees, prefer more focused domain-specific skills that explicitly declare required credentials and narrower permissions.
If you want, I can inspect the contents of scripts/router.sh (if you paste it) and point out any risky commands or endpoints.

Like a lobster shell, security has layers — review code before you run it.

latestvk978bd3eqjw7k19mrf73xe8fvd840dxz
