Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description and runtime code align: the package implements a multi-source search/recommendation engine (ClawHub mirror, GitHub, local sources). However, there are small mismatches in the metadata: SKILL.md claims TypeScript and Fuse.js (fuzzy search) while package.json lists only axios, and the package.json version (1.0.4) differs from the registry metadata (1.0.5). These look like sloppy packaging rather than functional breakage, but they are inconsistencies to verify.
Instruction Scope
SKILL.md describes CLI commands (search, info, recommend, etc.) and the code implements those behaviors. The runtime instructions and code limit their actions to searching sources, formatting results, caching, and basic recommendation—there is no code that reads arbitrary local files, spawns shells, or exfiltrates system credentials.
Install Mechanism
There is no install spec in the manifest (instruction-only), but the skill includes runnable code and a package.json with a single dependency (axios). No downloads from arbitrary URLs or archive extraction are present in the codebase. Libraries that SKILL.md mentions (e.g., Fuse.js) are not declared in package.json; this is a packaging inconsistency you should confirm before running.
Credentials
The skill declares no required environment variables or credentials, and the code accepts only an optional API key for the ClawHub client. It does not request or access unrelated secrets or config paths. That said, the client makes outbound HTTP requests, so no secrets should be provided to endpoints you have not verified.
Persistence & Privilege
The skill does not request always:true or any privileged persistent presence. It does not modify system or other-skill configs. Normal autonomous invocation is allowed by default (not a concern on its own).
What to consider before installing
This skill appears to implement what it claims (a skills search/recommender) but there are a few red flags to check before installing:
- Verify the external endpoints: the code queries https://clawhub.ai and a mirror at https://skills.volces.com. Confirm you trust that mirror domain; if not, remove or sandbox network access.
- Confirm dependencies and packaging: SKILL.md mentions Fuse.js/TypeScript but package.json only contains axios and the repo version differs from the registry metadata. Ensure required libraries are installed and consider running the package in an isolated environment first.
- No secrets are required; do not supply API keys or tokens to unknown endpoints unless you can verify the endpoint's legitimacy.
- If you need higher assurance, review the source-manager and source implementation files (src/sources/*) to see exactly which remote URLs are called and how responses are handled.
Given these inconsistencies and the presence of a third-party mirror, proceed with caution (run in a sandbox or review network traffic) rather than outright blocking the skill.
Like a lobster shell, security has layers: review code before you run it.
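The checks listed above (which hosts the source files call, whether every imported module is declared in package.json, and whether the packaged version matches the registry) can be run offline before installing. The script below is an added example written for this page, not ClawHub's scanner or the skill's own code; the file contents, hostnames and version numbers in SAMPLE_FILES are constructed to mirror what the report describes, and the allowlist passed to `audit_skill` is the reviewer's own decision.

```python
import json
import re

# Constructed sample bundle (path -> contents). Not the real package's files;
# the hosts, dependency and versions are taken from the scan report above.
SAMPLE_FILES = {
    "package.json": json.dumps({
        "name": "skills-search",
        "version": "1.0.4",
        "dependencies": {"axios": "^1.6.0"},
    }),
    "SKILL.md": "# Skills search\n\nWritten in TypeScript; fuzzy matching uses Fuse.js.\n",
    "src/sources/clawhub.js": (
        "const axios = require('axios');\n"
        "const BASE = 'https://clawhub.ai/api';\n"
        "const MIRROR = 'https://skills.volces.com/api';\n"
        "module.exports = { BASE, MIRROR };\n"
    ),
    "src/index.js": "const Fuse = require('fuse.js');\nconst fs = require('node:fs');\n",
}

CODE_SUFFIXES = (".js", ".ts", ".mjs", ".cjs")
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)
# CommonJS require('x') and ESM `from 'x'` forms.
REQUIRE_RE = re.compile(r"""require\(\s*['"]([^'"]+)['"]\s*\)|from\s+['"]([^'"]+)['"]""")
NODE_BUILTINS = {"fs", "path", "os", "child_process", "http", "https", "url", "crypto", "net"}


def remote_hosts(files):
    """Map each host literal found in code files to the paths that reference it."""
    hosts = {}
    for path, text in files.items():
        if not path.endswith(CODE_SUFFIXES):
            continue
        for m in URL_RE.finditer(text):
            hosts.setdefault(m.group(1).lower(), set()).add(path)
    return hosts


def imported_modules(files):
    """Package names imported by code files, excluding relative paths."""
    mods = set()
    for path, text in files.items():
        if not path.endswith(CODE_SUFFIXES):
            continue
        for m in REQUIRE_RE.finditer(text):
            name = (m.group(1) or m.group(2)).removeprefix("node:")
            if name.startswith((".", "/")):
                continue
            parts = name.split("/")
            # Scoped packages (@org/pkg) keep two segments; deep imports keep the first.
            mods.add("/".join(parts[:2]) if name.startswith("@") else parts[0])
    return mods


def audit_skill(files, allowed_hosts, registry_version=None):
    """Return human-readable findings; an empty list means nothing to chase up."""
    findings = []
    pkg = json.loads(files.get("package.json", "{}"))
    declared = set(pkg.get("dependencies", {})) | set(pkg.get("devDependencies", {}))

    for host, paths in sorted(remote_hosts(files).items()):
        if host not in allowed_hosts:
            findings.append(f"unlisted host {host} referenced in {', '.join(sorted(paths))}")

    for mod in sorted(imported_modules(files) - declared - NODE_BUILTINS):
        findings.append(f"module '{mod}' is imported but not declared in package.json")

    if registry_version and pkg.get("version") != registry_version:
        findings.append(
            f"package.json version {pkg.get('version')} != registry version {registry_version}"
        )
    return findings


if __name__ == "__main__":
    # Only clawhub.ai is trusted here; the mirror must be justified separately.
    for line in audit_skill(SAMPLE_FILES, {"clawhub.ai"}, registry_version="1.0.5"):
        print("FINDING:", line)
```

Run it against the unpacked skill by replacing SAMPLE_FILES with a walk of the extracted directory; a host that shows up only in a source file and not in the allowlist is the "third-party mirror" case above, and an undeclared import (here fuse.js) is the SKILL.md/package.json mismatch that would fail at runtime in a clean environment.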
latest · vk97ef590x3d2jw1gja213w885584dvm8
