ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawmatch

v0.1.0

Use this skill when the user wants to find compatible people — romantic partners, business partners, or friends — based on deep psychological profiling. Trig...

0· 82·0 current·0 all-time
byLifegamer@ivankoriako
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description promises a psychological profiling and matching engine, but the SKILL.md contains only a 'Coming soon' placeholder and no runtime logic, APIs, or dependencies. There's no coherent path from the stated purpose to any requested resources or capabilities.
!
Instruction Scope
SKILL.md provides no operational instructions for building profiles, running matches, or handling user data. It also asserts 'Your data stays local. Always.' without describing how or where data is processed or stored. The instructions are vague and grant the skill wide unspecified discretion if it were implemented.
Install Mechanism
No install spec and no code files (instruction-only). That minimizes install-time risk because nothing will be written or executed during installation.
Credentials
The skill requests no environment variables or credentials, which is proportionate for the current placeholder state. However, the promised functionality (deep psychological profiling) would normally require access to sensitive personal data or external ML services; the absence of any declared data handling or required credentials is unexpected and unexplained.
Persistence & Privilege
always is false and there are no install actions that would persist configuration or modify other skills. No elevated persistence or privileges are requested.
What to consider before installing
This skill is currently a placeholder: it promises psychological matching but contains no implementation, no code, and no privacy or data-handling details. That means it is not currently dangerous, but also not functional. Before installing or trusting a future release, ask the author for: (1) source code or a public repository, (2) where and how data is processed (local only vs. remote APIs), (3) exact inputs required and how sensitive data is stored/retained, (4) what models or third-party services are used and their endpoints, and (5) a privacy policy and homepage/contact. Do not share sensitive personal data (mental-health details, intimate relationship histories, financials, or identifying information) until those questions are answered and you can verify the implementation and data locality.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fbqnw447nt376p64wqpgt8d837des

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments