ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Acer

v1.0.6

提供Acer笔记本、台式机、显示器等产品信息、门店查询、新品资讯及技术支持服务。

0· 88·1 current·1 all-time
by@hanxueyuan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Metadata/description claims product info, store search, news and technical support for Acer devices, but the delivered SKILL.md only contains a brief static 'knowledge card' template for general Acer facts and triggers for when to read it. The declared functionality is broader than what the instructions implement.
Instruction Scope
SKILL.md is short and static: it defines when to read the card and provides a template of key facts. It does not instruct the agent to read files, call external endpoints, or access environment variables.
Install Mechanism
No install spec and no code files are present (instruction-only). This minimizes installation risk because nothing is written to disk or fetched at install time.
Credentials
Skill requests no environment variables, credentials, or config paths. There is no apparent need for elevated access given the SKILL.md content.
Persistence & Privilege
always is false and model-invocation is allowed (default). The skill does not request persistent privileges or modify other skills; autonomous invocation is normal but combined with other issues would raise concern.
What to consider before installing
This skill appears technically harmless (no installs, no secrets) but is inconsistent: its description promises features like store lookup and technical support while the actual SKILL.md only provides a brief static 'Acer' facts template. Before installing, consider: 1) Do you need the extra features the description promises? If so, ask the publisher for the missing implementation or choose a skill that declares the APIs/credentials it uses. 2) Check the skill's provenance (homepage/owner) — none is provided here. 3) Because it can be invoked autonomously, monitor its behavior after enabling and review updates for added capabilities. If you only want a simple static summary, this is fine; if you expect interactive store/search/support functions, treat this skill as incomplete or mislabelled.

Like a lobster shell, security has layers — review code before you run it.

latestvk979js8r8rbz3y7effx7ye130d84w8gv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments