Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
informat
v1.0.0 · Informat AI intelligent development platform system method calling skill. Core rules (strictly follow): 1. Before any creation or modification operation, you...
⭐ 0 · 57 · 0 current · 0 all-time
by cornerstone365@informat365
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
high confidence
Purpose & Capability
The code and SKILL.md consistently implement an Informat platform method-calling client (scripts/call.js plus 119 method schemas). That matches the name and description, but the skill bundle does not declare the runtime credential inputs it actually requires (host and agentToken) in the registry metadata, even though call.js requires them; this is a mismatch between the declared requirements and the actual capabilities.
Instruction Scope
SKILL.md instructs the agent to read local reference files and call scripts/call.js to contact a remote Informat agent endpoint. The method catalog includes many destructive or powerful methods (e.g., _app_publish, _schedule_delete_define, _automatic_run_once, _execute_informat_script_designer, _javascript_eval). While the docs include some safeguards (e.g., asking for explicit confirmation for certain operations), the skill still grants the agent direct ability to invoke high-privilege actions on a remote system — this expands scope beyond read-only and requires careful access control and explicit user confirmation at runtime.
Install Mechanism
No install spec: the skill is instruction-and-file based and does not download or install remote artifacts during install. That minimizes installer risk.
Credentials
scripts/call.js requires a .env with host and agentToken and will send X-INFORMAT-AGENT-TOKEN to the configured host. The skill metadata declares no required env vars and no primary credential, which is incorrect. The agentToken is a high-value credential because it likely grants broad platform privileges; requiring it without declaring it or explaining the required permission scoping is disproportionate and a security risk.
Persistence & Privilege
The skill does not request always:true and contains no mechanism to persist itself into other skill configs. It is not requesting elevated platform presence beyond normal autonomous invocation.
What to consider before installing
This package is an API client for an Informat platform and includes a runnable script that will send whatever value you put in agentToken to the configured host. Before installing or using it:
1) Do not supply a production/global token until you trust the code and host; create a least-privilege test token first.
2) Expect to provide two environment values (host and agentToken) even though the registry metadata omitted them; the tool will fail without them.
3) Review and understand the high-risk methods present (publish, delete, run automations, execute scripts, javascript eval) and only allow those actions after explicit, documented user consent.
4) Confirm the host domain (default in repo: https://ai.ainformat.com/) is the intended endpoint and is trustworthy.
5) If you cannot verify the maintainer or the endpoint, avoid using real credentials or run the client in an isolated/test environment.
6) Prefer that the skill owner update the registry metadata to explicitly list required env vars and to document the required permission scopes for agentToken before you proceed.
latest: vk97es9cj7229hrz5xqax5kak8984bcg3
