ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Text

v1.0.0

Transform, format, and process text with patterns for writing, data cleaning, localization, citations, and copywriting.

2· 1k·4 current·4 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (text transformation, cleaning, localization, citations, copywriting) match the included SKILL.md and topic-specific files. All provided commands, regexes, and examples are appropriate for text/data cleaning and writing tasks.
Instruction Scope
The runtime instructions contain shell commands and code snippets that read and transform arbitrary files (document.txt, .env, config.ini, app.log, etc.) and examples that extract emails/URLs. This is expected for a text-processing skill, but several examples use in-place edits (sed -i) and commands that could reveal sensitive content if run on secrets/config files. The instructions do not direct data to external endpoints or ask the agent to collect context beyond the file examples.
Install Mechanism
There is no install spec and no code files — the skill is instruction-only. No downloads, archives, or package installs are requested.
Credentials
The skill requires no environment variables or credentials. However, the docs show examples for inspecting .env and log files and using tools (jq, yq, python3) which may expose secrets if those files are processed. That exposure is a normal consequence of file-processing utilities, not a mismatch in declared requirements.
Persistence & Privilege
The skill is not always-on, does not declare persistence, and does not request system configuration changes. It is user-invocable and can be invoked autonomously per platform defaults, which is normal and not itself a red flag here.
Assessment
This skill is a coherent, instruction-only text-processing guide and appears to do what it says. Before using: (1) Review any shell/python commands and run them on copies of your data (avoid sed -i on originals). (2) Be cautious when processing .env, config, or log files — they often contain secrets; do not run extraction commands on those files unless you intend to and understand the risk. (3) Some examples rely on tools (python3, jq, yq, csvkit); ensure you have the intended versions and prefer non-destructive flags or dry-run options. (4) If you plan to allow an automated agent to run these instructions, restrict it to safe test data or a sandbox to avoid accidental data modification or exposure.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cqwy3bak904fxg1yfncx8s181100s

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments