Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Crypto First Steps Coach

v1.0.0

A calm beginner guide that helps a first-time user understand what crypto is, what to learn first, and what not to rush into. Use when the user is new to cry...

by haidong @harrylabsj

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for harrylabsj/crypto-first-steps-coach.

Prompt preview (Install & Setup):
Install the skill "Crypto First Steps Coach" (harrylabsj/crypto-first-steps-coach) from ClawHub.
Skill page: https://clawhub.ai/harrylabsj/crypto-first-steps-coach
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install crypto-first-steps-coach

ClawHub CLI

npx clawhub@latest install crypto-first-steps-coach

Security Scan

Capability signals: Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

[!] Purpose & Capability

SKILL.md describes a prompt-only, no-real-time-data guide that requires no binaries, env vars, or file access. The included handler.py, however, attempts to read a SKILL.md from a hard-coded path (/Users/jianghaidong/.openclaw/skills/{skill_name}). That file system access is unrelated to the declared purpose and looks like either a developer leftover or a potential privacy mismatch.

[!] Instruction Scope

The runtime instructions (SKILL.md) make no mention of reading local files or user home directories. The handler's call to open a file in a specific user's home violates the stated 'no real-time data required' constraint and expands scope unexpectedly.

Install Mechanism

No install spec, no downloads, and no external packages are declared. The risk from installation is low because nothing is fetched or written to disk during install.

Credentials

The skill declares no required environment variables or credentials and the code does not reference env vars or secret names. There is no apparent request for excessive credentials.

Persistence & Privilege

always:false and normal invocation settings — the skill does not request persistent platform-wide privileges. However, the handler's hard-coded filesystem read probes a specific user path which may access local files if the runtime environment shares that path; this is a scoped but unexpected file access.

What to consider before installing

This skill is likely well-intentioned (a beginner crypto guide) but contains a code file that reads a hard-coded path in /Users/jianghaidong/.openclaw/skills/{skill_name}/SKILL.md, which contradicts the 'prompt-only' claim. Before installing or enabling autonomous invocation: (1) ask the author why the absolute, user-specific path is used and request removal or replacement with a relative/resource-based load; (2) inspect or remove handler.py if you only want the written SKILL.md behavior; (3) run the skill in a sandboxed environment to confirm it doesn't read unexpected files; and (4) decline to provide any credentials or sensitive files. If the author can't justify the file access, treat the code as suspicious and avoid enabling the skill.

Like a lobster shell, security has layers — review code before you run it.

MIT-0

crypto-first-steps-coach

A calm, safety-first onboarding guide for people new to cryptocurrency.

Workflow

  1. Ask about experience level, curiosity level, time horizon, and why the user is interested.
  2. Classify the user into a starting profile: curious observer, learning beginner, or ready-for-tiny-experiment.
  3. Explain 3–5 foundational concepts in the right order.
  4. Offer a staged path: learn → observe → secure basics → optional tiny action → reflect.
  5. Include a do-not-do-yet list to avoid common early mistakes.

Output Format

  • User starting profile
  • Top concepts to learn next
  • Safe first-week or first-month path
  • Do-not-do-yet list
  • One reflection question

Quality Bar

  • Works for a total beginner with minimal prior knowledge.
  • Avoids jargon, or explains jargon immediately.
  • Gives sequence and emotional calm, not just information.
  • Includes safety warnings without sounding alarmist.

Edge Cases

  • If the user wants fast recovery from losses or urgent money, explicitly slow them down.
  • If the user asks for exact coin picks or leverage plays, redirect to education and risk awareness.

Compatibility

  • Prompt-only, no real-time data required.
  • Works best when the user shares their goal, budget comfort, and timeline.
