ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Universal Skills Manager

v1.7.0

The master coordinator for AI skills. Discovers skills from multiple sources (SkillsMP.com, SkillHub, and ClawHub), manages installation, and synchronization...

0· 1.5k·3 current·3 all-time
byJacob Ben-David@jacob-bd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name, description, and included scripts are consistent with a universal skill manager that discovers, downloads, and installs skills across multiple tools. However, metadata in the registry declares no required env vars/binaries while the SKILL.md frontmatter and included config.json advertise SKILLSMP_API_KEY and require python3/curl/network access — a clear mismatch between what the registry says and what the skill actually needs.
!
Instruction Scope
The runtime instructions and scripts explicitly require outbound network access to multiple third-party endpoints and write into many user-level and project-level tool directories (e.g., ~/.claude/, ~/.gemini/, ~/.openclaw/, etc.). The SKILL.md also suggests running a remote install command piped to sh (curl ... | sh), which is a high-risk operation. The instructions potentially permit installing arbitrary code into many locations on the user's filesystem — behavior that is powerful but also dangerous if the source is untrusted.
!
Install Mechanism
There is no formal install spec (instruction-only), yet three substantial scripts are included. The installer downloads files from GitHub raw URLs (raw.githubusercontent.com) — a normal choice — but the README/workaround recommending a curl | sh installer is risky. The download sources (GitHub and well-known domains) are expected, but the inclusion of an ad-hoc remote shell-pipe install step is disproportionate to safe installation practice.
!
Credentials
SKILL.md/frontmatter and config.json reference a SKILLSMP_API_KEY and the install script accepts an optional GitHub token; the registry metadata, however, lists no required env vars. Requesting an API key for SkillsMP (and optionally a GitHub token) is reasonable for searching private/curated sources, but the mismatch between declared and actual required credentials is a red flag. The skill would gain access to any credentials the user supplies and may use them to fetch private repositories.
Persistence & Privilege
The skill is not marked always:true and the registry shows normal autonomous invocation defaults. It is designed to modify multiple per-user and per-project skill directories (its core function) which is coherent with purpose. There is a metadata mismatch: SKILL.md sets disable-model-invocation to true in its frontmatter while registry flags show default false — this inconsistency should be resolved prior to installation.
Scan Findings in Context
[shell-pipe-curl-sh] unexpected: SKILL.md text recommends running a remote installer via `curl -fsSL https://.../install.sh | sh`. While common in quick installs, piping remote scripts to a shell is high-risk and not required by the installer scripts present; handle with caution.
[github-raw-download] expected: scripts/install_skill.py downloads skill files using raw.githubusercontent.com and the GitHub API. Using GitHub raw content is expected for a manager that installs skills from GitHub.
[optional-token-usage] expected: The install script supports an optional token parameter (and SKILL.md/config reference a SKILLSMP_API_KEY). Tokens are expected to access private or rate-limited repositories/APIs, but the registry's omission of required env vars makes this capability unclear to users.
What to consider before installing
This skill appears to implement a legitimate universal skills manager, but there are several red flags you should consider before installing or giving credentials: - Inconsistencies: The registry metadata does not declare the SKILLSMP_API_KEY or required binaries, yet SKILL.md and config.json do. Ask the publisher to reconcile metadata and frontmatter so you know exactly what will be requested. - Review code before running: The package includes installer and downloader scripts that will fetch and write arbitrary files into many ~/.tool/ and project directories. Inspect scripts/install_skill.py and scripts/scan_skill.py yourself or run them in a sandboxed VM/container first. - Never pipe unknown remote scripts to sh: The SKILL.md recommends curl | sh as a convenience — avoid this. If you must run an installer from the project, fetch it, inspect it locally, then run it. - Limit credentials: Only provide SKILLSMP_API_KEY or GitHub tokens if you trust the publisher and understand scope; consider creating scoped or temporary tokens with minimal privileges. - Test safely: If you want to try the skill, do so on a disposable account or isolated environment (container or VM) and verify exactly which paths it modifies. If the publisher can (1) update registry metadata to declare required env vars and binaries, (2) remove or document the curl|sh shortcut, and (3) publish a verifiable homepage/release with checksums, the risk profile would be clearer and easier to evaluate.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ajevnaab45f8kg2de0f3czd82ekwc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments