ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

我的技能

v1.0.2

我的技能用于解决XXX场景下的XXX问题,支持实现XXX、XXX和XXX核心操作,提高工作效率。

0· 92·0 current·0 all-time
byHerb@herbliu·duplicate of @herbliu/drop-a-folder-0409
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description claim generic productivity improvements but contain only placeholder text (XXX). There are no requested binaries, env vars, or config paths — which is plausible for an instruction-only skill — but the description is so vague that it provides no evidence the declared purpose can actually be achieved.
!
Instruction Scope
SKILL.md is entirely placeholder text (XXX) and provides no concrete runtime instructions, inputs/outputs, or allowed operations. That lack of specificity grants the agent broad discretion and could lead to unpredictable or unsafe behavior if the agent attempts to 'fill in' missing steps autonomously.
Install Mechanism
No install spec and no code files are present. This minimizes write-to-disk and supply-chain risk.
Credentials
The skill does not request any environment variables, credentials, or config paths — there is nothing disproportionate asked of the environment.
Persistence & Privilege
always is false (normal) and model invocation is allowed (platform default). While that is not a problem by itself, combining autonomous invocation with the skill's vague, non-actionable instructions increases the chance the agent will make arbitrary decisions.
What to consider before installing
This skill is essentially a placeholder: SKILL.md contains only 'XXX' and there is no source or homepage. Do not install or enable autonomous use until the author provides a concrete, detailed SKILL.md that explains inputs, outputs, example calls, and any required resources. Ask the publisher for: (1) real runtime steps or API/CLI calls the agent should make, (2) example inputs/outputs, (3) the source repository or homepage and author identity, and (4) any tests or safety constraints. Because the instructions are missing, avoid granting credentials or enabling persistent/autonomous invocation — the agent could behave unpredictably while trying to implement an unspecified task.

Like a lobster shell, security has layers — review code before you run it.

latestvk970yfab3wrk6tc4csj11hffax84gv1v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments