ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Singapore City

v1.0.1

提供新加坡旅游景点、文化、美食、住宿和交通信息,助你规划旅行与了解当地生活细节。

0· 61·1 current·1 all-time
by@hanxueyuan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill metadata/description (tourism, attractions, food, transport) conflicts with SKILL.md (an information index for a brand/organization named 'singapore-city' with fields like founding date, headquarters, products, market position). This mismatch means the skill may not provide what users expect or may be mislabeled.
Instruction Scope
SKILL.md is short and self-contained and does not instruct the agent to access files, credentials, or external endpoints. However, the instructions focus on company/brand profiling rather than travel content advertised in the description — scope is narrow but inconsistent with the public description.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk and no third-party packages are pulled.
Credentials
The skill declares no required environment variables, credentials, or config paths — requested access is minimal and proportionate to either claimed use-case.
Persistence & Privilege
always:false and normal invocation settings. The skill does not request persistent or elevated privileges and does not modify other skills or system-wide settings.
What to consider before installing
This skill is inconsistent: the public description promises travel guidance for Singapore, but the SKILL.md describes a company/brand profile for something called 'singapore-city'. It requests no secrets or installs (low technical risk), but you should: 1) ask the publisher to clarify and correct the description or SKILL.md before relying on it; 2) avoid installing if you need travel guidance now — the skill likely won't provide it; and 3) if you proceed, test it in a limited context and verify outputs against trusted sources.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d4ks4b2fp0pffnece5kgbk984w0k2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments