ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ab Test Setup Migrated

v1.0.0

Skill migrada desde examples - ab-test-setup con capacidades completas

0· 80·0 current·0 all-time
byJosé Cuevas@jacr6
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The description says 'capabilities completas' and is a migrated, full-featured skill, but the package contains no code, no install specification, and no declared dependencies. That mismatch (claiming full capabilities while providing only an instruction-only SKILL.md) is incoherent — either required components are missing or the metadata is inaccurate.
!
Instruction Scope
The SKILL.md only contains examples and integration snippets that require local modules using paths like '~/.opencode/skills/...'. Those examples implicitly reference files under the user's home directory even though the skill declares no config paths or required modules. If an agent executed those examples it could attempt to load code from the user's filesystem — a scope/delivery mismatch.
Install Mechanism
No install specification is present (instruction-only). That is low-risk in itself, but given the skill's claims and example requires, the absence of an install step increases incoherence.
Credentials
The skill declares no required environment variables or credentials, which is consistent with an instruction-only example. However, the examples call a 'searchWeb' helper and other local modules without declaring any service credentials; this is suspicious only if those helpers would require external API keys in practice.
Persistence & Privilege
always is false and there is no indication the skill requests persistent system-wide privileges or modifies other skills. Autonomous invocation is allowed (default) but not combined with additional privileged requirements.
What to consider before installing
This skill looks like a migrated example rather than a complete, installable skill. Before using it: 1) ask the publisher for the missing code, install instructions, and provenance; 2) examine the referenced local modules (~/.opencode/skills/...) on your machine — do not create or run those modules unless you trust their source; 3) prefer skills that include explicit install steps or packaged code and that declare any credentials they need. If you must run it, do so in an isolated environment and inspect any local code it would require first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bb87vqsec7k1fzs0qsnyy0h83w4mp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments