Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Working Capital Optimizer

v1.0.0

Provides frameworks and templates to analyze and optimize working capital management with actionable recommendations and next steps.

by haidong@harrylabsj
Security Scan
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, skill.json tags and the handler.py logic all align: this is a descriptive working-capital analysis skill that only parses user text and returns JSON recommendations. No unrelated binaries, APIs, or credentials are requested.
Instruction Scope
SKILL.md repeatedly states 'No real code execution' and 'No external API calls', but the package includes an executable handler.py and tests that call it. The handler is self-contained (reads only the provided user input) and does not access files, env vars, or network, but the presence of runnable code contradicts the plain-language safety assurances — this could mislead non-technical reviewers.
Install Mechanism
No install spec is provided (instruction-only style). There are code files included but nothing is downloaded or installed from external URLs. Risk from install mechanism is low.
Credentials
No required environment variables, credentials, or config paths are declared or referenced. handler.py only consumes supplied text input and uses standard library modules (json, sys, re).
Persistence & Privilege
Skill flags are default (always:false, user-invocable:true, model invocation allowed). The skill does not request persistent or elevated privileges and does not modify other skills or system configs.
What to consider before installing
This skill appears to implement the claimed working-capital analysis and does not request credentials or network access, but the documentation's claim of 'No code execution' conflicts with the included handler.py that will run when the skill is invoked. If you plan to install it:

1) review handler.py yourself (it's short and readable) to confirm it only uses the provided input and standard libraries (no network, no file writes);
2) run it in a sandbox or isolated environment first if you want extra safety;
3) if you need absolute assurance that no code will execute, decline installation — a purely instruction-only skill (no handler file) would better match that promise.

If you want to proceed but are unsure, ask the publisher to clarify why an executable handler is included despite the 'no code execution' statements.

Like a lobster shell, security has layers — review code before you run it.

latest vk979fpt5m1mfmmt4bwcrvy7wgn854p5b
15 downloads
0 stars
1 versions
Updated 7h ago
v1.0.0
MIT-0

Working Capital Optimizer

Overview

Helps optimize working capital management. This is a descriptive skill that provides frameworks and templates without executing real code.

Safety

  • No real code execution
  • No external API calls
  • No financial transactions
  • Informational only

Outputs

  • Structured analysis
  • Actionable recommendations
  • Next steps checklist
