Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Claws Temple Bounty 2.0
v0.2.17
Use when the user is explicitly inside the Claws Temple Bounty 2.0 workflow, names Claws Temple / 龙虾圣殿 / Claws Temple Bounty 2.0, or is already continuing th...
⭐ 0 · 38 · 0 current · 0 all-time
by @hzz780
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, description, and many internal files (task flows, brand lexicon, dependency catalog) align with an orchestration skill that coordinates five bounty tasks and delegates work to other skills (agent-spectrum, resonance-contract, tomorrowdao-agent-skills, portkey-ca-agent-skills). Required operations (dependency checks, voting via a CA signer) are consistent with the claimed Task 2/3/4/5 behaviors.
Instruction Scope
SKILL.md instructs the agent to load many local reference/config files and to use bundled helper scripts (self-heal, smoke checks, probes). It specifies asking the user for a CA keystore password and performing CA-based approve/vote operations (sensitive actions). It also instructs loading a remote live Task 4 skill at https://www.shitskills.net/skill.md. The instructions can trigger shell runs, filesystem reads, network calls, and handling of private secrets — all within the described domain but requiring caution.
Install Mechanism
There is no declared install spec, but the bundle contains helper scripts (self-heal, smoke-check, probes) that appear intended to run on the host and may clone or install dependency skills from the provided repository URLs. The default dependency sources are public GitHub repositories (reasonable), but Task 4 requires fetching a remote skill from a non-obvious domain (shitskills.net). Running these scripts will write to disk and may execute code fetched from the network — higher-risk actions compared with pure instruction-only skills.
Credentials
The skill declares no required env vars, but SKILL.md documents optional env overrides for dependency sources (CLAWS_TEMPLE_*_SOURCE). It requests runtime sensitive input: a CA keystore password and CA signing context for Task 3 (expected for automated vote submission). This credential use is proportionate to the stated CA write / DAO vote functionality, but it's high-sensitivity — users should not provide keystore passwords unless they fully trust the runtime and implementation.
Persistence & Privilege
The skill does not request always:true and is user-invocable. However, it explicitly supports 'self-heal' auto-install/upgrade of dependency skills by running included scripts when the host permits shell execution; that implies the skill may write files and install other skills on the host. That capability is coherent with an orchestration skill but increases the blast radius if the bundle or the remote sources are malicious or compromised.
What to consider before installing
This skill is an orchestration bundle for a five-step branded workflow and is internally consistent with that purpose, but it has actions you should verify before installing:
- It can ask you for a CA keystore password to perform DAO voting (Task 3). Only provide such secrets if you trust the skill and the environment — prefer signing in a secure, audited host or signing transactions offline.
- The bundle contains helper scripts that may run shell commands and auto-install or upgrade dependency skills from the configured GitHub repos. Review those scripts (scripts/self-heal-local-dependency.sh, smoke-check.sh, etc.) and confirm the repo URLs before allowing any automated installs.
- Task 4 explicitly loads a live remote skill from https://www.shitskills.net/skill.md. That will fetch code at runtime; verify you trust that domain and its content before allowing remote skill loading.
- There is a small content inconsistency (support CTA points to x.com/aelfblockchain despite the bundle's 'banned user-facing terms' guidance) — minor but suggests the bundle may include stale or copy-paste content.
Recommended actions: inspect the included scripts locally (don’t run them blindly), verify the GitHub repo URLs and the shitskills.net endpoint, consider running the skill in a sandboxed environment, and refuse to provide private keys or keystore passwords unless you can confirm the host's safety and the skill's provenance.
Like a lobster shell, security has layers — review code before you run it.
