ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Blind Date Assistant

v1.0.0

Help users decide how to shop on Taobao from public marketplace characteristics. Use when the user asks whether Taobao is a good place to buy something, how...

0· 253·0 current·0 all-time
byhaidong@harrylabsj
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The user-facing name you supplied ('Blind Date Assistant') does not match the SKILL.md (name: taobao-shopping). The manifest contains hundreds of files from many different skills and components (decision-journal, second-brain-triage, various shopping skills, agent bootstrapping docs). That large, multi-project footprint is disproportionate to a single low-sensitivity Taobao decision-support skill and suggests the bundle is an aggregated repo rather than a single-purpose skill.
!
Instruction Scope
The SKILL.md itself is properly scoped to public, non-account operations. However the included files (notably agents/code/AGENTS.md, BOOTSTRAP.md, SOUL.md, and multiple scripts) instruct an agent to read workspace memories (memory/YYYY-MM-DD.md, MEMORY.md), read and update identity/state files, and perform background memory maintenance. Some scripts (e.g., decision-journal CLI) write to ~/.openclaw/*. Those behaviors contradict the SKILL.md claim of 'does not perform ... local database persistence' and expand the skill's runtime scope beyond what's documented.
Install Mechanism
No install spec is declared (instruction-only by registry), which limits automatic installation risk. However the bundle contains many executable scripts and CLIs (Python/JS/TS) and templates that, if run, would execute code and write to disk. Absence of an install step reduces automatic risk but the included code is runnable and could be executed by an agent or a user later.
!
Credentials
Registry metadata lists no required env vars, but multiple included skill docs reference environment variables and API keys (e.g., TODOIST_API_TOKEN, NOTION_API_KEY, OPENAI_API_KEY) and configuration paths (Obsidian vault paths, ~/.config/second-brain-triage/config.yaml). The package therefore contains components that would expect credentials or access to user files even though the published skill declares none—this is an incoherence and increases the risk that installing/using the bundle could lead to credential or local-file usage.
!
Persistence & Privilege
The skill is not set always:true and is user-invocable (normal). But included code and docs indicate persistent storage and memory updates under ~/.openclaw (decision journal, snapshots, indexes). SKILL.md explicitly says it will not do login, order retrieval, cookie handling, or local DB persistence—yet the repository contains code that persists to the user's home. That mismatch is a red flag: the package can persist data if those scripts are run even though the skill claims it won't.
What to consider before installing
Do not install or enable this skill yet. Ask the publisher to explain why the bundle contains hundreds of unrelated files and why the SKILL.md (taobao-shopping) contradicts the skill name you saw. Specifically: (1) confirm which files are part of runtime instructions and which are mere references; (2) ask for a minimal package or a clear install/usage guide showing no local file writes; (3) refuse to provide any API keys or credentials until the scope is clarified; (4) if you want to try it, run it in a sandboxed environment (isolated VM/container) and audit any scripts that write to ~/.openclaw or reference external API tokens; (5) if the author cannot justify the extra files or remove instructions that read/write user memory, treat the package as untrusted.
agents/main/second-brain-release/second-brain/test/run-tests.js:37
Shell command execution detected (child_process).
skills/context-preserver/bin/cli.js:17
Shell command execution detected (child_process).
skills/pattern-miner/src/analyzer.ts:35
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk970pv7pqqvc67cdn8bst5t1vd8372cd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments