Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Ryder-Super-Pack
v1.0.1Optimized super-skill collection for OpenClaw/Codex, merging Perplexity + Claude Code expertise across 11 domains. Features specialized reference loading (pr...
⭐ 0· 57·0 current·0 all-time
byevan@evanshaw0626
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (a multi-domain 'super-pack' for OpenClaw) aligns with the content: the SKILL.md and references provide domain-specific workflows that explicitly rely on OpenClaw tools (exec, fs, web_fetch, web_search, subagent spawn, memory). There is no obvious mismatch between claimed purpose and the referenced capabilities.
Instruction Scope
Instructions instruct the agent to read/write workspace files, run shell commands (exec), spawn subagents, ingest web content, and interact with outputs/channels (Telegram/Discord/HTTP). Many workflows explicitly reference handling sensitive artifacts (bank statements, DSRs, subpoenas, GL extracts) and using tools like grep, pdftotext, yt-dlp, ffmpeg. Because the skill is instruction-only, these runtime actions will be executed with whatever runtime privileges/connectors the agent has — the SKILL.md gives broad discretion (e.g., 'use exec to deploy to a public URL if configured') which could enable data exfiltration or unintended external posting unless constrained by the runtime.
Install Mechanism
No install spec and no code files — lowest-risk delivery model. Nothing will be written to disk by an installer as part of skill installation itself. The security surface is the runtime instructions rather than any downloaded code.
Credentials
The skill declares no required env vars or credentials, yet many referenced actions assume external APIs or connectors (Stripe, HubSpot, EDGAR, Telegram/Discord, deployment targets). This is not necessarily malicious — it expects the OpenClaw runtime to provide connectors — but it is a gap: the skill does not document which credentials will be required at execution time, which increases risk (unexpected credential use or accidental leakage).
Persistence & Privilege
always:false and no install means the skill does not demand permanent or elevated platform presence. It instructs writing to workspace/memory and spawning subagents, which is normal for an agent-focused skill. Autonomous invocation is permitted by default (disable-model-invocation:false) but that is standard and not in itself a red flag — combine this with the other concerns when deciding.
Scan Findings in Context
[unicode-control-chars] unexpected: Detected unicode control characters in SKILL.md. These patterns are commonly used for prompt-injection or to alter parsing/visibility of content. This is not necessary for a legitimate reference pack and should be inspected/removed before trusting the skill.
What to consider before installing
This pack is broadly coherent with its stated purpose, but it gives the agent authority to read workspace files, run shell commands, spawn subagents, and push data to external channels — including workflows that explicitly handle sensitive items (bank statements, DSRs, subpoenas). Before installing: 1) vet the SKILL.md for hidden/obfuscated characters (the scanner found unicode-control-chars) and remove them; 2) run the skill only in an isolated/test workspace first; 3) ensure runtime connectors (APIs, Telegram/Discord hooks, deployment credentials) use least privilege and are documented — the skill does not declare required env vars; 4) avoid running it against sensitive production data until you trust its behavior; 5) monitor agent activity (exec/fs/web_fetch calls, outgoing network requests) and require human approval for any automatic external posting or transfers. If you need higher assurance, ask the author/source for provenance and a version that explicitly documents required credentials and exact external endpoints.Like a lobster shell, security has layers — review code before you run it.
latestvk9749hg81056z3ta82j4pxj1rx83h2ey
License
MIT-0
Free to use, modify, and redistribute. No attribution required.