ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Crypto Dca Reflection Guide

v1.0.0

A reflection skill that helps decide whether a recurring buy habit fits the user's goals, budget, and temperament. Use when the user is considering a DCA str...

0· 61·0 current·0 all-time
byhaidong@harrylabsj

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for harrylabsj/crypto-dca-reflection-guide.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Crypto Dca Reflection Guide" (harrylabsj/crypto-dca-reflection-guide) from ClawHub.
Skill page: https://clawhub.ai/harrylabsj/crypto-dca-reflection-guide
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install crypto-dca-reflection-guide

ClawHub CLI

Package manager switcher

npx clawhub@latest install crypto-dca-reflection-guide
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md describes a prompt-only reflection guide (no automation). The code in handler.py attempts to read /Users/jianghaidong/.openclaw/skills/{skill_name}/SKILL.md — an absolute, user-specific path unrelated to a distributed prompt-only skill. This hard-coded path is not needed for the stated purpose and is an incoherence (it attempts local file access outside the packaged skill).
Instruction Scope
SKILL.md explicitly says prompt-only and no external integrations; the instructions do not request reading local files or secrets. The handler.py nevertheless attempts to load a SKILL.md from a local home directory. That behavior is not documented in SKILL.md and expands the runtime scope unexpectedly.
Install Mechanism
There is no install spec (instruction-only). No downloads or package installs are requested, which aligns with a low-risk, prompt-first skill.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The only surprising element is the hard-coded filesystem path in handler.py; it does not request secrets but does attempt to read a local file path that is unrelated to the description.
Persistence & Privilege
Flags such as always and autonomous invocation are default/normal. The skill does not request permanent presence or system-wide config changes.
What to consider before installing
This skill is broadly what it says (a DCA reflection guide), but the included handler.py contains a hard-coded absolute path (/Users/jianghaidong/...) and will attempt to open SKILL.md from that location. Before installing or enabling: 1) Inspect or run the code in a sandbox — the file read will fail on most systems but could expose local file reads if paths overlap. 2) Ask the author why the absolute user path is used; the code should use a relative path or package resource instead. 3) If you don't trust the author, decline installation — at minimum modify handler.py to remove the absolute path and load the included SKILL.md from the package directory. 4) Because no network or credential access is requested, the risk is limited to local file reads; nonetheless treat this as a privacy/quality issue and fix or confirm before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97eh8xd69m5cjennr4b54bm1h84whc3
61downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
haidong@harrylabsj
latest
Download

crypto-dca-reflection-guide

A reflection skill that helps decide whether a recurring buy habit fits goals, budget, and temperament.

Workflow

  1. Ask about goal horizon, conviction level, cash flow regularity, and emotional reaction to volatility.
  2. Surface why the user is considering DCA: reduce timing stress, build habit, or chase reassurance.
  3. Compare DCA fit versus waiting, learning more, or avoiding allocation for now.
  4. If suitable, design a tiny rule-based experiment with clear review date.
  5. If not suitable, explain why not.

Output Format

  • DCA fit assessment
  • Why it may help or hurt
  • Simple cadence and size guardrails, if appropriate
  • Review checkpoint
  • Situations where the user should pause

Quality Bar

  • Balanced, not ideological.
  • Connects habit design to psychology and cash flow.
  • Makes tradeoffs visible.
  • Avoids pretending DCA removes risk.

Edge Cases

  • Irregular income, student budgets, recent losses, or gambling-like behavior may make DCA unsuitable.
  • Should not imply guaranteed outcomes.

Compatibility

  • Prompt-only, no automation or brokerage connection.
  • Works well with budget planner and review ritual skills.

Comments

Loading comments...