ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

pref0

v1.0.1

Learn user preferences from conversations and personalize responses automatically. Preferences compound over time — corrections like "use TypeScript, not JavaScript" are captured and injected into future sessions.

0· 1.4k·0 current·1 all-time
by@fliellerjulian
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (preference learning) align with the declared requirement (PREF0_API_KEY) and the API endpoints in SKILL.md. Sending conversations to https://api.pref0.com and fetching a stored profile is coherent with the stated purpose.
Instruction Scope
Runtime instructions explicitly tell the agent to POST full message histories and to append the service-provided 'prompt' directly into the system prompt. That behavior is expected for a preference service but raises privacy and prompt-injection concerns (the skill will transmit user messages and accept external prompt text that the agent is asked to use verbatim).
Install Mechanism
No install spec or code files — the skill is instruction-only. Nothing is downloaded or written to disk by the skill bundle itself.
Credentials
Only a single credential (PREF0_API_KEY) is required, which is proportionate for a hosted API. There are no unrelated env vars or config paths requested. Note: the API key grants the external service access to posted conversations, so it should be treated as sensitive.
Persistence & Privilege
The skill is not always:true, does not request system-wide changes, and is user-invocable. It does permit autonomous invocation by default (disable-model-invocation is false) which is normal for skills but increases the importance of vetting the external service.
Assessment
This skill is internally coherent but you must trust the external service. Before installing: 1) Confirm the vendor (there's no homepage listed) and review their privacy/retention policy — you're sending conversation text and possibly PII. 2) Limit what you send: avoid including secrets, credentials, or sensitive documents in tracked conversations. 3) Prefer using the structured 'preferences' array rather than blindly appending the returned 'prompt' into your system prompt; validate or sanitize that text to reduce prompt-injection risk. 4) Use ?minConfidence to only apply high-confidence preferences. 5) Have a process to rotate/revoke PREF0_API_KEY and to test DELETE /v1/profiles/<userId> to satisfy data-deletion requests. 6) Monitor usage/cost and logs for unexpected activity. If you cannot verify the vendor or their data-handling practices, treat this as higher-risk and consider not installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97chfthsy7c25c5xfgsv4q9fh80tdf2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvPREF0_API_KEY
Primary envPREF0_API_KEY

Comments