ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cartier

v1.0.5

提供卡地亚珠宝手表系列、价格、门店信息及礼品推荐,支持售后保养和定制服务咨询。

0· 71·1 current·1 all-time
by@hanxueyuan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description claim dynamic capabilities (prices, store info, gift recommendations, after‑sales and customization consultation). The SKILL.md is a short, static '百科' guide with triggers for when to read it and contains no instructions or requirements to fetch live data or contact external services. That makes the advertised dynamic features unsupported by the runtime instructions.
Instruction Scope
SKILL.md only contains static content and simple 'read_when' triggers. It does not instruct the agent to read files, access environment variables, call external endpoints, or transmit data outside the system.
Install Mechanism
There is no install specification and no code files — instruction-only. Nothing is written to disk and no external packages are fetched.
Credentials
The skill declares no required environment variables, credentials, or config paths. Requested access is minimal and proportionate to the provided static content.
Persistence & Privilege
Defaults are used (not always:true). The skill does not request elevated persistence or modify other skills or system settings.
What to consider before installing
This skill is low-risk technically (no installs, no credentials). However, its description promises real‑time features (prices, store availability, consultations) but the SKILL.md contains only static encyclopedia-style content. Expect only general brand info; do not rely on it for up-to-date pricing, stock, or official after-sales actions. If you need live or transactional data, use official Cartier channels or a skill that explicitly documents how it fetches and updates that information. Because the source/ homepage are unknown, review sample outputs before enabling autonomous use and avoid sending personal or purchase-sensitive data to the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97brvb0xq9v3r9skg603qqbr584xk95

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments