ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Accountability

v0.1.0

Tracks follow-ups for every action with a future outcome — deploys, crons, fixes, configs. Maintains a centralized FOLLOWUPS.md with structured items, escala...

0· 62·0 current·0 all-time
byGuilherme Favaron@guifav
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name, description, and SKILL.md consistently describe maintaining FOLLOWUPS.md, registering checks, and escalating failures — filesystem and network access (to run checks like curl) are plausible for this purpose. However, the registry summary above lists no required binaries while claw.json declares a required binary (curl). That mismatch is unexplained and should be clarified.
Instruction Scope
SKILL.md is narrowly focused on creating/editing FOLLOWUPS.md and defining explicit 'Check' commands to verify outcomes. That scope is appropriate. It does include vague actions such as 'alert Guilherme', 'heartbeat cron', and 'daily/weekly summary reports' without specifying destinations or channels; that ambiguity could lead an agent to use network endpoints or credentials that are not documented.
Install Mechanism
This is instruction-only (no install spec, no code files). That minimizes install-time risk since nothing is downloaded or written beyond the follow-up files the skill manages.
Credentials
The skill declares no required environment variables (reasonable). SKILL.md instructs using env var references inside individual Check commands (e.g., $CULKIN_API_KEY) which is acceptable because checks run against external services, but the skill does not request or document any specific credentials. Combined with the claw.json 'network' permission and the earlier mismatch about needing curl, users should expect the agent to potentially reference user env vars and network endpoints — verify which secrets the agent will be allowed to use.
Persistence & Privilege
always:false and user-invocable:true — normal. claw.json requests 'filesystem' and 'network' permissions which are proportionate to editing FOLLOWUPS.md and running checks, but network access increases blast radius if follow-ups contain copyable check commands that contact external services.
What to consider before installing
This skill is mostly coherent for tracking follow-ups, but ask the author to clarify two things before installing: (1) the manifest discrepancy — claw.json lists 'curl' as required while the registry summary showed none, and (2) where 'alerts', heartbeats, and summaries are sent (email/webhook/Slack) and what credentials they need. Because the skill requests filesystem and network permissions, consider running it in a sandboxed workspace, review any FOLLOWUPS.md checks for embedded endpoints or env var names (don’t allow it to use secrets you don't expect), and ensure you’re comfortable granting network access for health checks. If you want to be stricter, require the skill only have filesystem access and explicitly approve any network/credential usage per check.

Like a lobster shell, security has layers — review code before you run it.

latestvk9771efqsd127r1yvhtafjjvyx83fw21

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments