Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Craft Connect

v1.0.1

Read and write Craft documents via the Craft Connect API. Use when the user asks to create, read, update, or search Craft documents, manage tasks, write dail...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability (flagged)
The skill claims to talk to the Craft Connect API (create/read/update/search documents), which legitimately requires an API base URL/link token. However, the registry metadata lists no required env vars or primary credential, while SKILL.md explicitly requires CRAFT_API_URL and curl. The declared requirements and the instructions are therefore inconsistent.
Instruction Scope (flagged)
SKILL.md instructs the agent to read TOOLS.md to obtain the CRAFT_API_URL and to use curl for all requests. Asking the agent to read a local file (TOOLS.md) is outside the declared config paths and grants access to local secrets; otherwise, the instructions stick to the Craft API and do not propose exfiltration to unrelated endpoints.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so nothing is written to disk by the skill itself — lowest install risk.
Credentials (flagged)
SKILL.md requires a single sensitive value (CRAFT_API_URL containing an embedded link token) which is proportionate for Craft integration, but the registry metadata does not declare it. The instructions also recommend storing the token in TOOLS.md (a plaintext file), which is a risky storage pattern and not documented in the skill's declared config.
Persistence & Privilege
The skill does not request always:true and is user-invocable; it does not claim to modify other skills or system configuration. Autonomous invocation is allowed (platform default) but not combined here with other high privileges.
Scan Findings in Context
[no_regex_findings] expected: Scanner found nothing because this is instruction-only (no code files). Absence of findings is expected but not evidence of safety.
What to consider before installing
This skill appears to be a valid Craft Connect wrapper, but the SKILL.md requires a CRAFT_API_URL (an embedded link token) and instructs the agent to read TOOLS.md, while the registry metadata lists no required env vars or config paths. Before installing:
1) Ask the author to update the registry metadata to declare CRAFT_API_URL (or change the instructions to use a declared env var).
2) Avoid storing link tokens in plaintext files like TOOLS.md; prefer a properly scoped environment variable or secrets store.
3) Confirm you trust the agent to access the Craft space reachable by that token (consider using a limited/test space).
4) If you must allow the agent to read local files, restrict which files it can access.
If the author cannot justify the metadata mismatch, treat the skill as untrusted.


latest: vk97fwr32q85nd6gbxqb2wzzygx82sp8q
