ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sequential Read

v1.0.0

Read prose sequentially with structured reflections to simulate the reading experience

2· 711·2 current·2 all-time
byHorace@horace-claw
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (sequential reading with structured reflections) matches the files and runtime actions: Python scripts implement session, chunk, and state management; SKILL.md describes chunking, reading, and synthesis flows. Required binaries (python3) are appropriate and there are no unrelated credentials or tools requested.
Instruction Scope
Instructions legitimately operate on user-supplied text files and the OpenClaw workspace: preread reads the entire source, chunking splits it, the reading agent iterates over chunks writing reflections, and synthesis produces the final output. The skill explicitly instructs spawning sub-agents (sessions_spawn) and to run end-to-end without asking the user mid-run — this is coherent for an autonomous reading pipeline but important to note since the pipeline processes the full text and writes session artifacts without further user confirmation.
Install Mechanism
No install spec or external downloads; only local Python scripts are included. This is low risk from an install-perspective because nothing is fetched from third-party URLs or installed system-wide.
Credentials
The skill does not require secrets or external credentials. Scripts optionally respect OPENCLAW_WORKSPACE (falls back to ~/.openclaw/workspace) but SKILL.md did not declare this env var — it's optional but the skill will read/write files there and will store the user's source filename/path in session metadata. This is expected behavior but has a privacy implication: absolute source paths and text are persisted to disk.
Persistence & Privilege
The skill is not always-enabled and does not request special platform privileges. However, it is designed to run autonomously (it instructs spawning reader/finisher sub-agents and to proceed without asking the user). Autonomous operation is coherent for this use case but increases the blast radius if you supply sensitive files or if you are uncomfortable with unattended runs.
Assessment
This skill appears to do what it claims: it reads a text file, chunks it, writes per-chunk reflections, and synthesizes a final report using only local Python scripts. Before installing or running it: (1) review or run the included scripts in a controlled environment (they write under your OpenClaw workspace, default ~/.openclaw/workspace); (2) avoid passing sensitive or private files (the session metadata stores source filenames/paths and the full text is persisted under memory/sequential_read/<session-id>/); (3) note that the pipeline spawns sub-agents and runs end-to-end without extra prompts — if you prefer manual confirmation between phases, do not use the hands-off mode or inspect/modify SKILL.md to add prompts; (4) if you want to sandbox file writes, set OPENCLAW_WORKSPACE to an isolated directory before invoking. Overall the skill is internally consistent, but treat persisted session data and autonomous execution as the main operational considerations.

Like a lobster shell, security has layers — review code before you run it.

latestvk979q4xq45v6q93xgjkpaj21hn813xxz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📖 Clawdis
Binspython3

Comments