Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
v1.0.0
Autocomplete for agency next steps. Like Google autocomplete but for what to do next. Given any context, returns the top concrete viable actions ranked by RO...
by Automate@ironiclawdoctor-design
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The skill claims to produce ranked next steps and the included script builds a prioritized stack from local state (databases, drafts, file existence). The files and checks (dev.to draft presence, GCP SA presence, dollar DB, BTC status) line up with an 'agency next steps' planner.
Instruction Scope
Runtime instructions are simple (run suggest.py, view stack, mark done). The script reads local DBs and JSON files, checks for presence of credential files, and writes/updates a local agency.db next_steps table. It does not make outbound network requests itself, but it prints URLs and suggests commands that would invoke other scripts (e.g., btc-monitor.py, deploy-dollar-v3.py).
Install Mechanism
No install spec — instruction-only with a bundled Python script. Nothing is downloaded or extracted at install time.
Credentials
The skill requests no environment variables or external credentials, but it inspects sensitive local artifacts (WORKSPACE/dollar/dollar.db, ../../../human/btc-status.json, secrets/devto-api.json, secrets/gcp-service-account.json, /root/deploy-dollar-v3.py, /tmp/agency-b64.txt). Reading these files is consistent with planning goals, but they may contain financial or secret data that could appear in outputs.
Persistence & Privilege
always:false and default invocation rules. The script creates/updates its own agency.db table (local persistence) but does not modify other skills or global configs.
Assessment
This skill appears to do what it says, but it accesses local financial and secret-related files and writes a local next_steps DB. Before installing or enabling autonomous use:
(1) Review the contents of the referenced paths (WORKSPACE/dollar/dollar.db, WORKSPACE/secrets/devto-api.json, WORKSPACE/secrets/gcp-service-account.json, ../../../human/btc-status.json, /root/deploy-dollar-v3.py, /tmp/agency-b64.txt) to ensure no sensitive secrets or private keys are present, or that you're comfortable exposing summary values.
(2) If you want stricter isolation, run the skill in a sandboxed workspace or remove/mask sensitive files.
(3) Be cautious when approving suggested job IDs/commands; some items reference other scripts (btc-monitor.py, deploy-dollar-v3.py) which you should inspect separately before executing.
(4) If you need stronger assurance, request that the author clarify handling of any secrets and whether any other scripts invoked by the stack make network calls or exfiltrate data.
