ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Coding Bootcamp Video

v1.0.0

Coding Bootcamp Video is a specialized AI-powered video production skill built for coding bootcamps, software development training programs, data science boo...

0· 18·0 current·0 all-time
by@imo14reifey
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description (video production for bootcamps) line up with an instruction-only skill that would provide prompts, scripts, or guidance for producing marketing videos. There are no declared binaries, installs, or environment variables that contradict the stated purpose.
!
Instruction Scope
This is an instruction-only skill and SKILL.md is the agent's runtime specification. The provided excerpt is marketing/copywriting content, not runtime commands. Because we did not inspect the full SKILL.md instructions, it's unknown whether the skill tells the agent to access local files, read unspecified environment variables, call external endpoints, or request credentials at runtime. Any such hidden behavior would be unexpected and should be flagged. Verify the full SKILL.md for commands that read system files, indiscriminately gather user data, or post data to third-party endpoints.
Install Mechanism
No install spec and no code files were provided, so nothing will be written to disk by an installer. Instruction-only skills have a lower install risk surface.
Credentials
The skill declares no required environment variables or credentials, which is proportionate for a marketing/video guidance skill. However, double-check SKILL.md for any runtime instructions that ask the agent to use API keys or tokens (e.g., for cloud video renderers, storage, or third‑party publishing) that are not declared — that would be an incoherence and risk.
Persistence & Privilege
always is false and there are no install scripts or config paths requested. The skill does not request persistent presence or elevated platform privileges in the metadata.
What to consider before installing
This skill is instruction-only and appears coherent with its video-marketing purpose, but because runtime behavior comes entirely from SKILL.md you should: (1) read the entire SKILL.md before installing to confirm it does not instruct the agent to read local files (documents, photos, or shell history) or to call unknown external endpoints; (2) watch for any instructions that ask you to paste API keys, tokens, or credentials — the metadata should declare required env vars if those are needed; (3) if the skill integrates with third-party video APIs, prefer ones that explicitly name the service and required permission scope; (4) test the skill in a sandboxed environment and deny any prompts that request broad file system or credential access. If you want, paste the full SKILL.md here and I will re-check it line-by-line for any unexpected instructions.

Like a lobster shell, security has layers — review code before you run it.

latestvk9773390jp3zz3pxtzdym9a2ds84b4k1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments