ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

IT Events

v1.0.2

Finds new upcoming IT events worldwide based on user-selected interests and location, avoids duplicates, and helps return official registration or payment li...

0· 58·0 current·0 all-time
byDenys Popov@frankyjo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md describes a general worldwide IT-events finder, but both provided scripts (setup-cron.sh and search-events.sh) build prompts that explicitly target Ukraine. The scripts also call the 'openclaw' CLI, yet the skill metadata declares no required binaries. The Ukraine-only behavior and the missing declared dependency are mismatches with the stated 'worldwide' purpose and metadata.
Instruction Scope
SKILL.md gives detailed, bounded runtime instructions (searching, deduplication, state file format, output format). The scripts follow those rules and implement state-file creation and agent invocation. The scripts do instruct the agent to update a local memory file (memory/it-events-sent.json), which is expected for deduplication but is an action that will write to the user's workspace.
Install Mechanism
There is no install spec (instruction-only), so nothing is downloaded or installed automatically. The included scripts are simple shell helpers and do not fetch external code or run arbitrary downloads.
!
Credentials
The skill declares no required environment variables or credentials, which aligns with SKILL.md, but the scripts implicitly require the 'openclaw' executable and optionally use OPENCLAW_WORKSPACE or HOME for where to write memory files. The implicit dependency on the openclaw CLI was not declared in the registry metadata.
Persistence & Privilege
always:false (no forced always-on). The setup script will add a recurring OpenClaw cron job (openclaw cron add) which grants the skill persistent scheduled runs inside OpenClaw. This is expected for a digest/cron use case but means the agent will be scheduled to run autonomously according to that job.
What to consider before installing
This skill appears to implement an event-finder and local deduplication, but review these before installing: (1) The shipped scripts target Ukraine specifically — if you expect worldwide searches, update the scripts or prompts accordingly. (2) The scripts call the 'openclaw' CLI and will create/modify memory/it-events-sent.json in your OpenClaw workspace (or $HOME/.openclaw/workspace) and may register a recurring cron job via OpenClaw; ensure you want that behavior and that the openclaw binary is trustworthy. (3) Confirm file permissions for the memory file and that the OpenClaw agent's permissions are appropriate, since the agent will be asked to update local state. If any of these mismatch your expectations, either edit the scripts or do not install/enable the cron job.

Like a lobster shell, security has layers — review code before you run it.

latestvk9796vdajc1ashm3zk8t6agxdd845m7x

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments