Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Unilever

v1.0.1

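Provides Unilever product information, brand introductions, store lookup, new product releases, and price inquiries to support purchasing decisions for household, personal-care, and food products.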

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The advertised features (store lookup, new product releases, price inquiries) imply external data queries or APIs, but the skill has no declared env vars, binaries, install steps, or SKILL.md instructions that implement those functions. The SKILL.md only contains a brief encyclopedia-style outline (brand story, product matrix, global footprint, industry observation). This is a substantive mismatch between claimed capability and what the skill actually provides.
Instruction Scope
SKILL.md is narrowly scoped and safe: it contains only content-selection guidance and no commands, file reads, external endpoints, or requests for credentials. However it is underspecified for the claimed features (no guidance on how to perform store searches, price lookups, or fetch new-release data).
Install Mechanism
Instruction-only skill with no install spec and no code files. This is the lowest-risk install model (nothing is written to disk by an installer).
Credentials
No environment variables, credentials, or config paths are requested. There is no apparent attempt to access unrelated secrets or system config.
Persistence & Privilege
No elevated persistence requested (always:false). The skill can be invoked by the agent normally; this is the platform default and not a standalone concern given the rest of the footprint.
What to consider before installing
This skill is low-risk technically (no installs, no credentials), but its description overpromises: it claims store search, price checks, and new-release feeds while the SKILL.md only offers a generic brand overview. Before installing or relying on it: 1) confirm the skill's source and ask the author for a homepage or data-source details; 2) test simple queries to see what it truly returns; 3) do not rely on it for transactional or sensitive tasks (price/availability) until it documents how it obtains that data; 4) if you need store locators or price data, prefer skills that explicitly declare APIs, credentials, or install steps matching those features.

Like a lobster shell, security has layers — review code before you run it.

latestvk97eb2pd3w3dw2z5wj48n28a2s84wn4q
