Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Yield Offer Sanity Check

v1.0.0

A checklist skill that evaluates whether a yield, staking, or earn offer is reasonable or suspicious. Use when the user encounters a yield promotion. Prompt-...

by haidong @harrylabsj

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for harrylabsj/yield-offer-sanity-check.

Install the skill "Yield Offer Sanity Check" (harrylabsj/yield-offer-sanity-check) from ClawHub.
Skill page: https://clawhub.ai/harrylabsj/yield-offer-sanity-check
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install yield-offer-sanity-check

ClawHub CLI

npx clawhub@latest install yield-offer-sanity-check

Security Scan

Capability signals: Crypto, Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

! Purpose & Capability
The SKILL.md describes a prompt-only checklist for yield offers and declares no required binaries, env vars, or config paths. However, the packaged handler.py attempts to load a SKILL.md from a hard-coded absolute path under /Users/jianghaidong/.openclaw/skills/{skill_name}. Reading local files is not justified by the stated prompt-only purpose and is disproportionate.
! Instruction Scope
Runtime instructions (SKILL.md) do not instruct reading any filesystem path, but handler.py performs file I/O: opening an absolute path to a SKILL.md. This is scope creep: the code accesses local files not mentioned in the documentation and could be used to read arbitrary files via crafted skill_name (relative path segments).
Install Mechanism
There is no install specification (instruction-only), so nothing is downloaded or written during install. The risk comes from the included code being executed by the platform rather than from an installer or third-party download.
! Credentials
The skill declares no required environment or credentials, yet the code reaches into a specific user's home path. This implicit dependence on a local config path is unexplained and disproportionate to the skill's purpose; it may expose local files if the platform executes handler.py with attacker-controlled arguments.
Persistence & Privilege
The skill does not request 'always' presence, does not declare elevated privileges, and does not modify other skills. The main privilege concern is the code's ability to read local files when invoked, not persistent installation privileges.
What to consider before installing
The skill's markdown describes a prompt-only checklist, but the included handler.py reads a hard-coded absolute path (/Users/jianghaidong/.openclaw/skills/{skill_name}/SKILL.md). This is inconsistent and risky: if the platform executes handler.handle with a crafted skill_name, the code could read local files (and path traversal via '..' segments may be possible). Before installing, ask the author why the skill needs to read a local SKILL.md and request that they remove filesystem access or sanitize and constrain paths. If you must test it, run the skill in a tightly sandboxed environment, inspect/modify handler.py to remove the file read, or demand the skill be truly prompt-only (no code). Also consider denying autonomous invocation or reviewing runtime logs for unexpected file reads. Do not install it into a production agent until the file-access behavior is explained or removed.

latest vk9741f266qrev7m15dwmsxjbzd84y9qr
64 downloads
0 stars
1 version
Updated 1w ago
v1.0.0
MIT-0

yield-offer-sanity-check

A checklist skill that evaluates whether a yield, staking, or earn offer is reasonable or suspicious.

Workflow

  1. Take the yield offer details: platform, APY, token, lock period, and conditions.
  2. Run a sanity check: compare APY to risk-free rate, flag inconsistency.
  3. Check for red flags: guaranteed returns, complex mechanics hidden behind jargon, token inflation to pay yield.
  4. Assess the protocol's track record, team, and audit status.
  5. Give a verdict: reasonable, suspicious, or needs more information.

Output Format

  • Offer summary
  • Sanity check verdict
  • Red flags found
  • What makes sense and what does not
  • Recommended next step

Quality Bar

  • Uses math and evidence, not vague skepticism.
  • Distinguishes between high APY due to inflation versus real yield.
  • Does not declare any platform safe, only flags clear warning signs.

Edge Cases

  • New protocols with no track record should be flagged even if the offer looks clean.
  • If the user does not share the token name or platform, say what is unknown.

Compatibility

  • Prompt-only, no on-chain data required.
  • Best with specific offer details typed or pasted by the user.
