ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Crypto Review Ritual

v1.0.0

A monthly or quarterly review skill that helps users learn from their crypto behavior, update conviction, and tighten rules. Use when the user wants a struct...

0· 64·0 current·0 all-time
byhaidong@harrylabsj

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for harrylabsj/crypto-review-ritual.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Crypto Review Ritual" (harrylabsj/crypto-review-ritual) from ClawHub.
Skill page: https://clawhub.ai/harrylabsj/crypto-review-ritual
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install crypto-review-ritual

ClawHub CLI

Package manager switcher

npx clawhub@latest install crypto-review-ritual
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md describes a prompt-only crypto review workflow that needs no filesystem or credentials. However handler.py attempts to read /Users/jianghaidong/.openclaw/skills/{skill_name}/SKILL.md — a hard-coded home-directory path unrelated to the stated purpose. This access is unnecessary for a prompt-only skill and is disproportionate.
!
Instruction Scope
The runtime instructions (SKILL.md) are purely conversational and make no mention of reading local files. The code, however, performs file I/O on an absolute path. That is scope creep: the implementation can access local files while the docs claim it operates from memory/journal input only.
Install Mechanism
No install script or external downloads are present; this is an instruction-only skill with a tiny handler/test stub. Lack of install steps lowers the attack surface.
!
Credentials
The skill declares no required environment variables or credentials, but the handler reads a specific config path in a user's home directory. Accessing arbitrary local config paths was not declared and is disproportionate to a reflective prompt skill.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent platform privileges. It does not modify other skills or system settings in the provided code.
What to consider before installing
This skill looks like a legitimate reflection checklist, but the included handler.py contains a hard-coded path to /Users/jianghaidong/.openclaw/skills/... which the SKILL.md never mentions. That mismatch is suspicious: it could be an innocent developer leftover, but it means the code may try to read local files on the host. Before installing or enabling this skill, ask the author to explain and remove the hard-coded path (or change it to use only the supplied inputs). If you must test it, run it in an isolated sandbox or inspect/modify handler.py so it no longer performs unexpected file I/O. If you don't have that option, avoid installing it or treat it as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dw4ccmk3cry2y4j802tde8n84y7w0
64downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
haidong@harrylabsj
latest
Download

crypto-review-ritual

A monthly or quarterly review skill that helps users learn from their crypto behavior and tighten rules.

Workflow

  1. Ask what period is being reviewed and what major actions or non-actions happened.
  2. Review decisions across thesis, behavior, safety, and emotional patterns.
  3. Separate good process from lucky outcome and bad process from unlucky outcome.
  4. Extract 2 to 4 lessons.
  5. Turn lessons into one keep, one change, and one stop rule.

Output Format

  • Period summary
  • What went well
  • What felt off
  • Lessons learned
  • Keep / Change / Stop list
  • Next review date

Quality Bar

  • Converts reflection into behavior change.
  • Does not obsess over short-term price movement alone.
  • Encourages honesty without self-punishment.
  • Fits both active and low-activity users.

Edge Cases

  • If the user made no transactions, still review learning quality, attention quality, and emotional discipline.
  • Not a tax report or formal performance attribution tool.

Compatibility

  • Prompt-only, works from memory, journal notes, or rough portfolio summaries.
  • Strong anchor skill for long-term personal growth flows.

Comments

Loading comments...