Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Specialized Agents
v1.1.0Manage and orchestrate 25 specialized AI agents across content, development, QA, personalization, and meta tasks for parallel workflows.
⭐ 4· 18.9k·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill has no human-readable description in the registry but the package includes an extensive multi-agent ecosystem, system integration scripts (ComfyUI setup, cron wrappers), and tools that expect access to local macOS data (iMessage DB, Safari cookies) and to save tokens. The declared requirements (no env vars, no binaries) do not match the actual capabilities found in the files.
Instruction Scope
SKILL.md (the runtime instructions) tells the agent to automatically read many local files (memory/YYYY-MM-DD.md, AGENTS.md, USER.md), to 'do without asking' for file reads and background tasks, to 'save credentials immediately', and contains explicit behavioral rules (e.g., 'do not ask, just do it', 'NO_REPLY' protocol). These instructions are broad, implicitly grant the agent permission to access local sensitive files, and include steps that would persist and run external jobs (crons, gateway startup).
Install Mechanism
The registry lists no install spec, but the package contains a full virtualenv tree and dozens of scripts that perform network downloads (curl calls to civitai/huggingface, setup scripts, cron wrappers, auto-start instructions). The presence of packaged site-packages plus many setup scripts means code will be present on disk and instructs users to download large model files from external hosts — a higher-risk install surface than a purely instruction-only skill.
Credentials
The skill declares no required environment variables or primary credential, yet code and docs reference access to Safari cookies, reading ~/Library/Messages/chat.db (imsg), Full Disk Access, saving GitHub tokens, and gateway auth. That mismatch (no declared secrets requested vs many places where secrets/config access is required) is disproportionate and ambiguous.
Persistence & Privilege
Files include cron wrappers, startup scripts, and guidance to auto-start services and persist model files; AGENTS.md instructs automatic reads and writes to local memory files. While always:false (not force-installed), the skill encourages persistent system presence and automations that modify the host and run on schedule — combined with the broad file access above this increases risk.
Scan Findings in Context
[system-prompt-override] unexpected: SKILL.md contains language that attempts to change agent behavior ('Do without asking', 'Read files, explore, learn', specific reply token semantics) — this looks like prompt-injection of runtime policy and is not expected for a benign skill index.
[unicode-control-chars] unexpected: Pre-scan flagged unicode-control-chars in SKILL.md. Such tricks are commonly used to hide or obfuscate instructions and are unexpected in straightforward documentation.
What to consider before installing
This package is large and internally inconsistent: it bundles many scripts that expect privileged local access (iMessage DB, Safari cookies, saving tokens), recommends downloading large models from external sites, and its SKILL.md instructs the agent to read and act on local files automatically. Before installing, consider: 1) Who authored/published this? (no homepage or description provided — ask for provenance and signature). 2) Do you trust it with Full Disk Access, network downloads, cron jobs, and saving tokens? If not, do NOT install. 3) If you still want to test: run inside a disposable VM/container or an isolated account; do not grant Full Disk Access or SSH keys; inspect these high-risk files first: save-github-token*.sh, imsg/get-imessage-content.py, ComfyUI setup scripts (COMFYUI_*.md and setup scripts), any cron wrappers, and anything that mentions Safari cookies or gateway start. 4) Ask the author to: provide a short purpose/description, a minimal manifest of exactly what permissions are needed, and remove or clearly call out any instructions that auto-read user files or persist services. 5) If you must use it on a real machine, audit and run only the pieces you need, disable auto-start/crons, and review network calls before allowing them.Like a lobster shell, security has layers — review code before you run it.
latestvk97c303eb3mscj1spzzraqjv3180wpa4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.