Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Weave
v2.3.0
Private provenance-backed social graph. Maintains queryable records of people, relationships, preferences, and shared experiences for recall, gifting, hostin...
by Indigo Karasu (@indigokarasu)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (private provenance-backed social graph) align with the actions and resources described: an on-disk LadybugDB, Cypher queries, journaling, and optional Google Contacts/Clay connectors. The optional Google OAuth and Clay API credentials declared in skill.json match the stated sync features. Reading the Chronicle DB for enrichment is consistent with the declared functionality.
Instruction Scope
SKILL.md and the references are prescriptive and largely scoped to the stated purpose (upserts, queries, imports/exports, syncs). They require explicit per-sync approval for outbound writebacks, which is good. Concerns: README and SKILL.md assert that the skill 'registers the weave:update cron job (midnight daily) for automatic self-updates' and the header references installing from a GitHub repo, but the skill package in the registry contains no install spec and no code to perform self-updates. That mismatch means the skill may expect runtime behavior (pulling code from GitHub / scheduling updates) that isn't visible in the registry, which increases risk. Also, the skill writes detailed journals to disk (including runtime metadata); this is expected but could leak usage/host info if journal contents are sensitive.
Install Mechanism
There is no install spec in the registry (instruction-only skill), which is low-risk. However, SKILL.md includes an 'install: openclaw skill install https://github.com/indigokarasu/weave' line and README claims auto-registration of a cron self-update. That implies code retrieval/execution from GitHub at runtime, but no such mechanism is present in the manifest files here. This inconsistency is noteworthy: a self-update mechanism would raise higher risk if it fetches and executes code from an external URL, but the registry package does not show how that would be done.
Credentials
The skill requires no environment variables by default. skill.json lists optional credentials (google_contacts_oauth and clay_api_key) that are directly relevant to the two optional sync connectors; both are marked optional (required:false). The declared filesystem read/write paths (local weave DB, staging, journals, and an elephas/chronicle.lbug read path) are consistent with the declared enrichment and storage behavior. No unrelated secrets or extraneous credentials are requested.
Persistence & Privilege
Registry flags show no elevated platform privileges (always:false), and the skill is user-invocable with autonomous invocation allowed (platform default). The README's statement that a daily cron job is registered for automatic self-updates describes a persistence action that would modify system state (the scheduler) and enable code to be pulled and run on a schedule; this increases the blast radius compared with an instruction-only skill. Because the package in the registry does not contain an install/update mechanism, the presence of this claimed cron behavior is a red flag that should be clarified before trust.
What to consider before installing
This skill appears to do what it says: a private local social graph with optional sync to Google Contacts and Clay, and read-only enrichment from Chronicle. Before installing or enabling it, consider:
- Self-updates & cron: README claims the skill registers a midnight cron job that pulls updates from GitHub. Ask the maintainer or platform how self-updates are performed and whether the skill will be allowed to fetch and execute code automatically. If you do not want automatic code pulls or scheduled jobs, disable or decline that behavior.
- Writeback & approvals: outbound syncs to Google/Clay are disabled by default and require explicit config enablement and per-sync approval; keep those flags off if you never want external writes.
- Journals & privacy: the skill writes per-run journals to ~/openclaw/journals/ocas-weave including runtime metadata; if those files are sensitive, determine retention/rotation policy or set retention.days in config.
- Cross-db reads: the skill can read other skill databases (Chronicle) for enrichment — confirm you’re comfortable with that data being accessible to this skill.
- Code provenance: the SKILL.md references a GitHub repo for install/update. If you plan to enable update behavior, review that GitHub repository yourself to ensure no unexpected code is fetched.
If you want to proceed only after clearing the above, ask the maintainer how the self-update cron is registered (what code runs, which account, and what network calls are made) and confirm there is no silent remote execution path enabled by default.
Like a lobster shell, security has layers: review code before you run it.
