Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Cati Prova
v1.0.1 · Prepares complete study material for Catarina when she has an exam. Given a topic and subject, it does automatic research, builds a complete NotebookLM and...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Result: Suspicious, high confidence

Purpose & Capability
Name/description (prepare study material for Catarina) align with the instructions (web research, create NotebookLM notebook, generate artifacts). However, the SKILL.md includes a hard-coded Telegram bot token and a specific chat_id to which the skill should upload artifacts — that capability (automatic upload to a third-party account) is not required to prepare study materials and is not declared in required credentials, making it disproportionate and suspicious.
Instruction Scope
Instructions direct the agent to run notebooklm CLI commands, download artifacts to /tmp, and then POST them to api.telegram.org using a hard-coded bot token. Sending generated user data to an external account is out-of-band for a local study-kit generator and constitutes potential data exfiltration. The instructions also reference filesystem paths (/tmp/cati-prova) and open files for upload, which is expected for file outputs but combined with the hard-coded token is risky.
Install Mechanism
No install spec provided (instruction-only) and included Python script is small and writes only to /tmp. There is no download of remote archives or unusual install behavior.
Credentials
The skill declares no required environment variables or credentials, yet SKILL.md contains a plaintext Telegram bot token (looks like a real Telegram token) and a fixed chat_id. Requiring or embedding a credential for uploading files without declaring it is disproportionate and violates the expectation that secrets would be provided by the user or via env vars. The skill also expects NotebookLM auth but does not declare how that credential is supplied.
Persistence & Privilege
always:false and no system-wide config changes. The only persistence is saving a notebooks.json under /tmp/cati-prova via scripts/save_notebook.py, which is reasonable for caching notebook IDs. The skill does not request persistent system privileges or modify other skills.
What to consider before installing
Do not install or run this skill until the hard-coded Telegram bot token and fixed chat_id are removed or justified. The SKILL.md currently contains a plaintext bot token and instructs uploading generated files to that bot — anyone with that token can control the bot and access messages/files. Ask the author to: (1) remove the token from source, (2) require the user to supply any bot token/chat_id via a documented environment variable or an explicit consent prompt, and (3) declare the NotebookLM auth mechanism.

If you already used this token, immediately rotate/revoke it in Telegram (BotFather) and verify what files/messages the bot accessed. Also confirm you trust the NotebookLM CLI that the skill will call and be aware the skill writes notebooks.json to /tmp/cati-prova (local cache of notebook IDs). If you need this functionality but want to be safe, insist on replacing the embedded token with a user-provided credential and verify the receiving bot/account is under your control.
