Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Skill Deprecation
v1.0.0 — Skill deprecation management tool (deprecation workflow + migration guide + deprecated-status SKILL.md template)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (medium confidence)
Purpose & Capability
The name/description (deprecation manager + templates) matches the SKILL.md content: templates, migration guide, and steps to mark a skill deprecated/removed. The declared file permissions to read and write skills/ are consistent with a tool that updates other skills' SKILL.md files. This is a high-impact capability but coherent with the stated purpose.
Instruction Scope
The runtime instructions explicitly tell the agent to update SKILL.md flags and to update the skill-registry.json state to REMOVED and to notify users. However the permissions block only lists read:skill-registry.json (no write permission) while instructing a write update — that's an internal inconsistency. The template also references sending notifications and CRO-001 interactions, but network/notification channels are not declared. The instructions therefore either assume platform-level side effects or missing permissions; both are risky because the agent could be expected to modify other skills and the registry or to trigger notifications without a clear, declared mechanism.
Install Mechanism
Instruction-only skill with no install spec and no code files. Low install risk; nothing is downloaded or written by an installer. The operational risk comes from the runtime file permissions it expects, not from an install step.
Credentials
The skill requests no environment variables or external credentials, which is appropriate for a policy/templating tool. However, it does request read/write access to skill files (permissions: write:skills/) — this is not an env var but is a sensitive capability. The lack of network or credential requests is consistent with its offline templates, but the file write permission is a form of privileged access that must be justified and scoped.
Persistence & Privilege
always:false (normal). However the skill's declared ability to write other skills' files and to change registry state is powerful: it can permanently deprecate or remove other skills if granted write access. Autonomous invocation (not disabled) plus file-write ability increases blast radius. This is acceptable for a deprecation manager if intentionally granted with least privilege and auditing, but it's a significant privilege that should be restricted and logged.
What to consider before installing
This skill appears to be a legitimate deprecation/templating tool, but there are a few red flags you should resolve before installing or granting permissions:
- Confirm permissions: the SKILL.md says it will update skill-registry.json, but its permissions only include read:skill-registry.json (no write). Ask the author to correct the manifest or explain how registry updates are performed.
- Scope write access: the skill requests write access to skills/ — that lets it modify other skills' SKILL.md files. Only grant this if you trust the publisher and you have audit/logging and a human review process for destructive actions (e.g., marking REMOVED). Prefer scoping to specific paths or requiring an explicit human approval step for removals.
- Notifications/side effects: the instructions mention notifying users and CRO-001, but no network/notification channels are declared. Clarify how notifications will be sent and ensure no secret/external endpoints are required.
- Operational controls: if you install it, require explicit, logged confirmations for any operation that changes other skills or the registry, and consider keeping autonomous invocation disabled or limited until reviewed.
If the publisher can correct the registry-write inconsistency and document exactly what runtime permissions and notification mechanisms it needs (and limit write scope), this skill could be acceptable. Until then, treat it as suspicious and avoid granting broad write permissions.
