Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Secretary
v1.0.1
Manage calendar, draft communications, and track preferences with explicit confirmation before actions.
by Iván (@ivangdavila)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The declared purpose (calendar management, drafting communications, tracking preferences) matches the files and declared requirements (no binaries, no credentials). Asking to read/write a ~/secretary/ folder is consistent with a personal assistant skill. However some capabilities described inside (autonomously moving meetings, sending confirmations) go beyond the SKILL.md's external summary that emphasizes explicit confirmation, creating ambiguity about actual behavior.
Instruction Scope
SKILL.md asserts the skill NEVER sends messages without confirmation and ONLY drafts when explicitly asked, but calendar.md and writing.md contain statements that explicitly contradict that ('I don't ask you. I handle it.'; 'I don't draft for your approval. I write AS you.'). Those internal instructions would permit automatic scheduling/responses and impersonation via the user's configured tools, which is a significant scope creep relative to the 'explicit confirmation' promise.
Install Mechanism
Instruction-only skill with no install spec, no downloaded code, and no required binaries — minimal surface for supply-chain concerns.
Credentials
The skill requests no environment variables or external credentials, which is proportionate. It does rely on user's 'configured tools' to send email/calendar changes; that means it could invoke local clients or CLIs available in the user's environment without requesting new credentials. The skill also writes persistent files under ~/secretary, which will hold potentially sensitive personal and contact data.
Persistence & Privilege
The skill explicitly creates and uses persistent storage at ~/secretary (memory.md, people.md, calendar.md, history.md). Persistent storage itself is expected, but combined with contradictory guidance about automatic sending/acting, it increases the blast radius: the agent could use stored profiles and rules to act without review. always:false mitigates forced inclusion, but autonomous invocation is allowed by default.
What to consider before installing
This skill is plausible for a personal assistant but contains contradictory instructions about whether it will act without your OK. Before installing, ask the publisher to clarify and fix these contradictions: 1) confirm whether the skill will ever send messages or change calendar entries without explicit, itemized confirmation; 2) if it may act automatically, require an explicit whitelist of actions and recipients; 3) consider encrypting or moving ~/secretary to a secure location and review what data will be stored; 4) test in a restricted environment (no real VIPs, or with a throwaway calendar/account) to observe actual behavior. If you need guarantees that nothing is sent without review, do not install until the behavior is fixed and the SKILL.md and internal files consistently enforce that policy.
Runtime requirements
📋 Clawdis
OS: Linux · macOS · Windows
