Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
resolved-sh-rstack
v1.0.2The operator skill suite for the agentic web. Helps resolved.sh operators maximize their presence and build a successful agent-native business: audit page qu...
⭐ 0· 103·0 current·0 all-time
by@hichana
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The SKILL.md files uniformly require a resolved.sh subdomain, API key, and resource ID to fetch and update listings (curl calls to https://{subdomain}.resolved.sh and PUT /listing/{id}). Those credentials are exactly what the skills need for the stated purpose. However, the registry-level Requirements block provided to the scanner lists 'Required env vars: none' and 'Primary credential: none' — this is an internal inconsistency that could mislead installers about what secrets the skill needs.
Instruction Scope
The runtime instructions perform network calls (curl) to resolved.sh endpoints, parse results with inline python, generate copy-pasteable curl commands (including full PUT commands that embed the API key), and offer to run those commands if the operator confirms. All of this is consistent with a page/content/audit tool, but it does mean the agent will (when given the env vars) be able to perform live updates to your resolved.sh listing and call external registries (smithery, skills.sh, etc.). Confirm-before-run flows are present (AskUserQuestion), which reduces risk if you verify interactions before execution.
Install Mechanism
Instruction-only skill (no install spec, no code files beyond SKILL.md text). This is low-risk from an install/write-to-disk perspective since nothing is downloaded or executed at install time.
Credentials
The environment variables used across the SKILL.md files are RESOLVED_SH_API_KEY, RESOLVED_SH_RESOURCE_ID, and RESOLVED_SH_SUBDOMAIN — all proportional to the skill's function. The concern is that the registry listing claims no required env vars or primary credential, yet the skill repeatedly instructs reading/using the API key and resource ID. That mismatch could cause an operator to install the skill without realizing it requires an API key (sensitive credential).
Persistence & Privilege
always is false and there is no install-time persistence requested. The skill can invoke actions at runtime (default model invocation allowed). Because the skill can generate and optionally execute PUT/PATCH commands that include your API key, allow-listing or running it autonomously increases blast radius — prefer manual confirmation before running update operations.
What to consider before installing
This skill appears to be a legitimate operator toolkit for resolved.sh, but the registry metadata incorrectly omits the environment variables the SKILL.md files require. Before installing: (1) verify the skill's source (the registry lists 'unknown'); prefer the official resolved.sh GitHub if available; (2) do not provide a high-privilege API key — create a least-privileged/rescoped key or test account if possible; (3) prefer to copy-paste the generated curl commands and run them yourself instead of letting the agent execute them autonomously; (4) confirm that you are comfortable the skill will read RESOLVED_SH_API_KEY, RESOLVED_SH_RESOURCE_ID, and RESOLVED_SH_SUBDOMAIN and may send them to resolved.sh endpoints; (5) ask the publisher to correct the registry metadata to list the required env vars so the permissions are explicit. If you want to be cautious, run the skill in an environment that can be audited or where you can rotate the API key after testing.Like a lobster shell, security has layers — review code before you run it.
latestvk97bh645jmbh3pskc1yj80wss1840zaq
License
MIT-0
Free to use, modify, and redistribute. No attribution required.