Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nobel Prize

v1.0.1

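Provides information on Nobel Prize winners in each category, historical data, and award ceremony times and locations, helping you understand prize details and achievement statistics.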

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The metadata/description claims the skill provides Nobel Prize winners, history, times and places, but SKILL.md contains a generic 'organization/brand' profile template (business lines, market performance) rather than any guidance for fetching or validating Nobel Prize data. This mismatch suggests the package does not actually implement the stated purpose.
! Instruction Scope
SKILL.md gives only a high-level profile structure and 'read_when' triggers; it does not instruct the agent to use any authoritative data source, API, or dataset for Nobel Prize winners. Because there are no concrete data-fetching steps, the agent would have to rely on internal knowledge or hallucinate details, increasing the risk of inaccurate responses.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk and there are no external downloads, which is low risk for install-time compromises.
Credentials
The skill requests no environment variables, credentials, or config paths. There is no apparent need for secrets or external service access given the simple instruction-only nature.
Persistence & Privilege
always is false and the skill is user-invocable only. It does not request persistent privileges or modifications to other skills or system settings.
What to consider before installing
This skill's description and runtime instructions don't match: it promises Nobel Prize data but only provides a generic 'company profile' template and no data-source instructions. Before installing or relying on it, ask the author/source how the skill obtains Nobel winner data (APIs, datasets, or citations). Test the skill with non-sensitive queries and verify answers against official sources (nobelprize.org). Do not provide any secrets to this skill — it does not require credentials and asking for them would be a red flag.

Like a lobster shell, security has layers — review code before you run it.

latest vk979tp62h864zbfskp77gdxs3n84wy76
