ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Business Strategy

v1.1.0

Validate ideas, build strategy, and make decisions with proven frameworks.

2· 2k·9 current·10 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (business strategy, validation, decision tracking) align with what the skill requires and instructs: there are no unrelated environment variables, binaries, or install steps. All declared requirements are minimal/empty and coherent with a planning/advisory skill.
Instruction Scope
SKILL.md explicitly directs creation and use of files under ~/business/ (decisions.md, metrics.md, ideas/ etc.) and provides shell commands (mkdir/touch) as templates. This is within the skill's purpose, but it does involve persistent local file I/O — the agent will be instructed to write and later read those files. The instructions do not ask for other system files, secrets, or network exfiltration.
Install Mechanism
No install spec, no code to download or execute. Instruction-only skills present the lowest install risk because nothing is written to disk by an installer.
Credentials
The skill requests no environment variables, credentials, or config paths beyond a user-scoped ~/business/ directory. There are no disproportionate secret or credential requests.
Persistence & Privilege
always is false and the skill does not request elevated privileges. It does, however, define a persistent storage location in the user's home directory for decision memory; that is expected for this functionality but is a persistence property users should be aware of and can remove if undesired.
Assessment
This skill is coherent with its stated purpose: it provides frameworks and asks the agent to store notes and decision logs in ~/business/. Before installing, consider: (1) The agent will be instructed to create and update files in your home directory — review those files (decisions.md, metrics.md, ideas/) and remove them if you stop using the skill. (2) The skill does not request credentials or network endpoints and the registry scan found no suspicious code, but the agent platform's ability to execute shell commands could cause those file operations to happen automatically — only install if you trust the agent runtime. (3) If you prefer not to have persistent files in /home, change the memory path or refuse filesystem access. (4) Regularly back up or securely delete any sensitive business data you store there. Overall the skill appears benign and proportionate to its purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ffraf59wjqeqe7fx4tx6kgh81gemc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💼 Clawdis
OSLinux · macOS · Windows

Comments