Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Complaint Handler
v1.0.0
Retail complaint and after-sales handler for digital employees. Classifies complaints, generates empathetic responses, routes escalations, and manages return...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md explicitly depends on 'policy_entries' in a knowledge base and a 'permissions_config' (used to look up escalation contacts, approval thresholds, and packet format), but the registry metadata declares no required config paths, environment variables, or primary credential. That mismatch means the skill expects access to external policy/configuration data without declaring how or where those secrets/endpoints live.
Instruction Scope
Instructions require collecting PII (order screenshots, addresses, contact info) and sending 'escalation packets' to L2/L3 contacts, but they do not specify destinations, authentication, transport, or what fields to include beyond generic phrasing. The two-pass classification and keyword-based escalation are coherent with the purpose, but the handoff/transmit steps grant wide discretion to the agent about where and how to send potentially sensitive customer data.
Install Mechanism
This is instruction-only with no install spec and no code files. That minimizes supply-chain risk — nothing is downloaded or installed by the skill itself.
Credentials
No environment variables or config paths are declared even though the instructions require permissions_config (escalation contacts, thresholds) and access to a policy knowledge base. The absence of declared credentials/configs is disproportionate to the stated need and leaves ambiguity about what system privileges or secrets the runtime agent must use to comply with the skill.
Persistence & Privilege
The skill does not request always:true or other elevated persistent privileges and does not instruct modifying other skills or global agent configuration. Autonomous invocation is allowed by default but is not, on its own, flagged.
What to consider before installing
This skill looks like a plausible customer-support assistant, but it relies on external policy/configuration and escalation channels that are not declared in the registry. Before installing or enabling it:
1) Ensure a documented permissions_config and policy_entries KB exist and are reachable, and add those config paths or required env vars to the skill metadata;
2) Confirm exactly where 'escalation packets' will be sent, what authentication is used, and which fields (PII) are included;
3) Limit the agent's rights to only the necessary systems (ticketing, manager contacts) and log all escalations for audit;
4) Test in a sandbox with redacted data to verify the handoff behavior;
5) If you cannot control or verify the escalation endpoint and auth, treat the skill as risky because it could transmit customer data to an unknown destination.
Like a lobster shell, security has layers — review code before you run it.
latest vk974r9t58gxw9gh513p828axxh83ec64
Runtime requirements
🎧 Clawdis
