ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Deepsync

v0.1.0

Use this skill when the user wants to find compatible people — romantic partners, business partners, or friends — based on deep psychological profiling. Trig...

0· 66·0 current·0 all-time
byLifegamer@ivankoriako
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The description promises a psychological profiling and matching engine, but the package contains only an instruction-only SKILL.md and explicitly states 'coming soon.' There is no code, no APIs, and no declared dependencies to actually perform the stated capability.
Instruction Scope
SKILL.md contains only high-level usage text and trigger phrases; it does not instruct the agent to read files, environment variables, or call external endpoints. However, it is vague about what data is required for profiling and how data is processed or stored, which is important given the sensitivity of the claimed function.
Install Mechanism
No install spec and no code files — lowest install risk. There is no downloadable code or third-party package being installed by the skill as provided.
Credentials
The skill declares no required environment variables or credentials, which is consistent with having no implementation. But because matching would normally require collecting sensitive personal data, the lack of any stated data handling, storage, or third-party service details is a gap that should be clarified before trusting the skill.
Persistence & Privilege
The skill does not request persistent privileges (always=false) and does not include installation steps that would modify agent/system configuration. There is no evidence it would persist or escalate privilege.
What to consider before installing
This skill currently appears to be a placeholder: it claims to do sensitive psychological profiling but provides no code, no install steps, and no explanation of how data is processed or stored. Before installing or using it, ask the publisher for: (1) source code or a reproducible implementation; (2) precise data inputs required and examples; (3) whether matching runs locally or calls external services, and the exact endpoints; (4) data retention, encryption, and deletion policies; (5) any third-party dependencies and credentials needed; and (6) a privacy/consent policy describing how sensitive personal information is handled. Until you can review those details (or view audited code), avoid providing sensitive personal data (financial, health, SSN, explicit sexual/orientation answers, full DOB) to the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk977fjh0h49rvz9nayfr8jy2zd839agw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments