Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

first-aid-kit

v1.0.0

A first aid learning assistant. Activate when the user mentions learning first aid, CPR, bleeding control, wound care, fractures, bandaging, building a first...

by 枳初 @futureidiot
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the instructions: Q&A, practice guidance, kit configuration, myths, and optional daily tips. The skill requests no binaries, credentials, or installs, which is proportionate for an instruction-only learning assistant.
Instruction Scope
The SKILL.md contains conflicting guidance: it requires the agent to "always prepend" a safety notice to every response, but the cron payload in Module 4 explicitly says "No safety notice needed." Module 2 asks for step-by-step physical-practice instructions while the Boundaries section forbids providing step-by-step instructions that could be mistakenly applied to real emergencies — this is ambiguous and could lead the agent to produce actionable instructions for real situations. The skill also instructs the agent to call platform scheduling APIs (cron.add/remove/update), which is expected for daily tips but expands the agent's runtime behavior beyond on-demand replies.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is low risk from an installation perspective — nothing is written to disk or downloaded.
Credentials
No environment variables, credentials, or config paths are requested. That matches the stated purpose and is proportionate.
Persistence & Privilege
The skill instructs use of cron.add to create a recurring job that will generate and announce daily tips. While not inherently malicious, this creates persistent, autonomous behavior (scheduled agent turns) and delivery of unsolicited messages; users should confirm how scheduled messages are delivered, whether they can opt out, and that the scheduled job respects the safety notice rules.
What to consider before installing
This skill appears to be what it claims (a learning assistant) but has internal inconsistencies you should resolve before enabling scheduling or relying on it for safety-critical guidance. Specifically:

- Confirm how scheduled tips are generated and delivered by your platform. cron.add will create a persistent job that runs autonomously; make sure you understand where messages appear, and how to disable or inspect the job.
- Ask the author to fix the contradiction: SKILL.md says "always prepend" a safety notice, but the cron payload says "No safety notice needed." Decide which behavior you want; scheduled tips that omit the safety notice may violate the skill's own safety policy.
- Clarify the boundary between practice guidance and real emergency advice. The module allowing step-by-step physical practice is reasonable for drills, but the instructions are ambiguous about when step-by-step actions are allowed versus forbidden. If you care about minimizing risk, restrict the skill to text-based simulations only or require an explicit user confirmation step before any procedural guidance.
- Test the daily-tip flow in a safe environment before enabling for production users, and confirm you can list/remove the cron job (cron.remove / cron.update) and that it cannot be used to escalate privileges or exfiltrate data.

If these issues are addressed (fix the safety-notice contradiction, tighten the language about actionable steps, and confirm cron behavior), the skill would be coherent and appropriate for a learning assistant.

Like a lobster shell, security has layers — review code before you run it.
