ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Defusing Anger

v1.0.0

Teaches battle-tested, crisis-specific de-escalation sequences with exact verbal scripts, timing protocols, and non-verbal cues to instantly calm angry peopl...

0· 62·0 current·0 all-time
by@howtousehumans
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description align with the SKILL.md: it provides scripted de-escalation sequences, timing, and non-verbal cues. There are no unrelated binaries, credentials, or install steps required.
!
Instruction Scope
The runtime instructions require the agent to 'log the three answers internally' and to 'log every response verbatim in real time' and to 'do not end the interaction until...' — actions that expand scope beyond providing scripts into active transcript capture, retention, and enforcement of conversational flow. The skill does not specify where logs are stored, retention policies, or consent, and it directs behavior that could prolong interactions or capture sensitive admissions (self-harm, threats, crimes).
Install Mechanism
Instruction-only skill with no install spec or external downloads. This minimizes code-install risk.
Credentials
The skill requests no environment variables, credentials, or config paths (proportionate). However, the explicit requirement to record verbatim transcripts is a privacy/data-protection concern even though no storage mechanism is declared.
Persistence & Privilege
always is false and there is no request for persistent system privileges or modification of other skills. Autonomous invocation is allowed (platform default) but not by itself problematic here.
What to consider before installing
This skill appears to do what it says (scripts and timing for de-escalation) but it instructs the agent to capture and log verbatim responses and to enforce long pauses and confirmation rules without explaining where or how logs are stored or who can access them. Before installing, consider: (1) Do you have a safe, auditable storage and retention policy for sensitive transcripts? (2) Does logging comply with privacy, employment, and legal requirements (e.g., admissions of crimes, mandated reporting)? (3) Remove or limit the 'log verbatim' / 'do not end until...' directives if you don't want persistent or indefinite interactions. If you proceed, test in low-risk scenarios, require explicit user consent before recording, and ensure logs are encrypted and access-controlled.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e0n8snx7me07yc00nnm6f5n83x3p1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments