Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description (mental models, decision frameworks) matches the contents: many Markdown docs and templates. The only code file (scripts/recommend.py) is consistent with the advertised 'recommendation engine'. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md and other docs are documentation-first and the runtime instructions are limited to triggers/metadata and usage guidance. However, a pre-scan flagged 'unicode-control-chars' in SKILL.md — control characters in skill text can be used for prompt-injection attacks against agents. The docs also include installation instructions that suggest copying files into a user workspace (~/.openclaw), which is normal for a skill but means local files are written to disk by a user following those instructions.
Install Mechanism
There is no automated install specification in the registry (instruction-only skill). INSTALL.md documents cloning/copying from GitHub into a local skills folder — a low-risk, transparent manual install path. No opaque remote binary downloads or extracted archives were declared in the registry data.
Credentials
The skill declares no required environment variables, no credentials, and no privileged config paths. That is proportionate for a documentation/template skill with an optional local recommendation script.
Persistence & Privilege
Flags show always:false and normal autonomous invocation allowed. The skill does not request persistent elevated privileges or to modify other skills or global agent configuration in the provided materials.
Scan Findings in Context
[unicode-control-chars] unexpected: Control/unicode control characters were detected inside SKILL.md. Such characters are not needed for a documentation skill and can be used in prompt-injection attacks to manipulate agent interpreters. This finding should be investigated; it does not prove maliciousness but increases risk.
What to consider before installing
This skill is primarily documentation and templates for decision-making frameworks and appears coherent with its stated purpose. Before installing or enabling it: 1) Inspect scripts/recommend.py locally (open the file) and search for network calls (requests, urllib, sockets), subprocess/system exec usage, eval/exec or file-write behavior. 2) Search SKILL.md and other Markdown files for hidden/control Unicode characters (non-printing characters) and remove them if found. 3) If you plan to run the Python script, run it in a sandboxed environment (container or VM) and monitor outbound network activity. 4) Because the repo suggests copying files into ~/.openclaw, be aware this writes files to your user profile — verify content before copying. If recommend.py contains only keyword matching and local JSON output (no network, no shell exec, no secrets access), the risk is low and the skill is coherent. If recommend.py performs network requests or executes shell commands, treat the package as higher risk and avoid installing until code is reviewed.Like a lobster shell, security has layers — review code before you run it.
latestvk975qm03xhb95w1rfvjrz7d85d83bya2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🧠 Clawdis