ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Socialcoach Skill Pub

v1.4.0

SocialCoach is an AI social skills coach for people who want to handle boundaries, confrontation, awkward small talk, and emotionally tricky conversations wi...

0· 189·0 current·0 all-time
bywes@imwyvern
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires wallet
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, README and SKILL.md all describe a social-skills coaching assistant and the requested resources (none) are consistent with that purpose. There are no unexpected env vars, binaries, or config paths.
Instruction Scope
SKILL.md contains persona, tone, and response-format instructions appropriate for a coaching skill. However a pre-scan flagged 'unicode-control-chars' inside SKILL.md — hidden/control Unicode can be used to alter parsing or inject prompts into downstream LLM context. The visible instructions do not ask the agent to read unrelated files or exfiltrate data.
Install Mechanism
No install spec or shipped code — instruction-only skill. This minimizes disk write/execute risk.
Credentials
No required environment variables, credentials, or config paths are declared — access requests are proportional to the described functionality.
Persistence & Privilege
Default persistence settings (always: false, autonomous invocation allowed) are normal for skills. Nothing in the manifest requests elevated or persistent system privileges.
Scan Findings in Context
[unicode-control-chars] unexpected: Hidden/control Unicode characters are not necessary for a social-coaching instruction document. They may be benign (formatting for multilingual content) but are also a common vector for prompt-injection or stealthy alterations of visible text; inspect the raw file for unexpected control characters before trusting or installing.
What to consider before installing
This skill appears to do what it says (social coaching) and does not request credentials or install software, which is good. However the SKILL.md triggered a 'unicode control characters' warning — hidden characters can be used to manipulate LLM prompts or hide instructions. Before installing: (1) view the raw SKILL.md/README (in a plain-text editor) and search for/control characters (U+0000–U+001F, U+202E, etc.); (2) confirm the package comes from a trusted publisher or check the upstream source; (3) if you allow autonomous invocation and are worried, toggle disable-model-invocation or review logs to restrict activity; (4) if anything looks suspicious or you see unexpected endpoints or code, do not install. If you want, paste the SKILL.md raw text here and I can highlight any hidden/control characters and explain them.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ekbd73dcrgdhhh6dqenk18984se22

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💕🔥 Clawdis

Comments