ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Meta Workflow Discoverer

v1.0.0

AI-powered workflow automation discoverer that observes user patterns, identifies repetitive tasks, and automatically generates executable automation workflo...

0· 54·1 current·1 all-time
by@jason-aka-chen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md describes an agent that "observes user patterns", performs cross-user learning, scheduling, and ML-driven automation. The Python code provided implements a local recorder, simple sequence/time aggregation, and basic heuristics for discovering workflows. There is no code shown that "observes" system activity automatically, performs networked cross-user learning, or uses ML libraries. The install instruction (pip install numpy pandas scikit-learn) is inconsistent with imports in the code (no numpy/pandas/sklearn imports in the visible file). This suggests the README overstates capabilities or the implementation is incomplete.
!
Instruction Scope
SKILL.md implies continuous observation, scheduled/event triggers, automatic automation execution, and cross-user sharing. The runtime instructions and API surface in the README focus on explicit calls (record_task, import_history, discover_workflows, create_automation). There are no instructions or code shown that instruct the agent to read system logs, monitor user activity, integrate with external services, or contact remote endpoints. This is scope creep: the declared behavior (automatic observation, cross-user learning) is not realized by the available code/instructions.
Install Mechanism
There is no packaged install spec in the registry metadata (instruction-only skill) but SKILL.md tells users to 'pip install numpy pandas scikit-learn'. The provided Python file does not import these libraries in the visible portion, so the recommended heavy dependencies are disproportionate to the shown implementation. This could be benign (leftover docs) but is an inconsistency worth flagging.
!
Credentials
The skill declares no required environment variables or credentials, and the code similarly shows no network calls or credential usage in the visible portion. However, SKILL.md claims features like 'Cross-User Learning' which would normally require network access and credentials — yet none are requested. That mismatch is suspicious: either sharing is not implemented, or the skill will later be modified to contact external services (which would require credentials) without prior declaration.
Persistence & Privilege
The code persists user data to a file under the user's home (~/.workflow_discoverer/{user_id}.json). This is consistent with 'discoverer' functionality but means the skill will store potentially sensitive task history locally. The skill is not set to always:true and requests no special runtime privileges. Writing to the user's home directory is expected but should be noted because it creates a local datastore of user activity.
What to consider before installing
This skill's README promises automatic observation, cross-user learning, scheduling, and ML-powered discovery, but the included code implements a simple local recorder and heuristic pattern detection that runs only when you call its APIs and stores data in ~/.workflow_discoverer/{user_id}.json. Before installing or enabling it: - Expectation mismatch: don't assume it will monitor your activity in the background or share data across users — the files show no network or background-monitoring code in the visible portion. If those features are required, ask the author for the full implementation or for explicit network endpoints and privacy guarantees. - Local storage: it will create and write a JSON file in your home directory containing recorded task history; this may include sensitive task names, contexts, or parameters. Review that file and consider running the skill in a sandbox or with non-sensitive test data first. - Dependency note: SKILL.md suggests installing numpy/pandas/scikit-learn but the visible code doesn't use them. Avoid installing unnecessary packages unless you confirm they are actually required (or inspect the remainder of the code). - Audit recommendation: inspect the rest of workflow_discoverer.py (it was truncated) for any network calls, remote endpoints, or code that imports ML libraries or spawns processes. If you see any outbound HTTP requests, credential usage, or obfuscated code paths, do not enable autonomous invocation and run it in an isolated environment. What would change this assessment: if the remainder of the code contains justified ML usage (and the SKILL.md's install line matches imports), or if there are explicit, declared, and reasonable mechanisms for cross-user learning (with explicit endpoints and credential requirements), that would make the skill more coherent. Conversely, if hidden network calls or credential harvesters appear in the truncated portion, the risk would be higher.

Like a lobster shell, security has layers — review code before you run it.

latestvk9735d0fzt4zbf2n5hr96r6b3183crnt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments