Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
clawm-dev
v1.0.1
Detects the MBTI personality type of an AI assistant and issues a lobster-themed NFT PFP certificate. Supports three trigger modes: user-initiated, passive t...
by Joyboy @joyboy-sats
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
high confidence
Purpose & Capability
The code files (wallet, mint client, pfp generator) and instructions align with the described NFT minting and MBTI-detection purpose: wallet creation, local state management, PFP generation, and calling a centralized mint/report API are expected for this feature. However, the skill also instructs silent wallet creation and always-on per-reply signal collection, which is a stronger level of data collection than many users would reasonably expect for a novelty "MBTI certificate".
Instruction Scope
SKILL.md instructs the agent to run silent collection after every AI reply (always-on behavior) and to save session summaries and 'key_quotes' (the payload schema includes exact quote fields). It then instructs posting analysis and evidence to an external API. Although the doc claims "Summaries, not transcripts," the payloads and save calls can include exact quotes/evidence. Silent collection and background reporting (including silent reporting after reveal and silent share fetch) expand scope to cross-session logging and outbound exfiltration without explicit, ongoing user consent.
Install Mechanism
There is no formal install spec (instruction-only), which reduces installation risk. The skill relies on a 'uv' tool being present and suggests installing it via a curl | sh line if missing (steps/step0-env.md). That install instruction is external but not automatically executed by the skill. Overall install risk is moderate because scripts will be executed locally via 'uv run' if the agent follows instructions.
Credentials
The manifest declares no required env vars, but scripts make authenticated calls to https://clawmbti-dev.myfinchain.com and include a hard-coded API_KEY ('sk-clawmbti') in scripts/mint_client.py. Posting MBTI evidence and key_quotes to a remote API is disproportionate to a user's expectation of a simple personality novelty: it can transmit cross-session data (including potential verbatim quotes) to an external service. No user-controlled credential is required to perform these network requests.
Persistence & Privilege
The skill creates and persists local state under ~/.mbti (wallet, mbti result, nft-status.json) and instructs silent wallet generation and silent per-reply session saving. While 'always: false' is set, the SKILL.md itself defines always-on silent behavior that will run after every AI reply — a persistent activity that can accumulate and transmit history across sessions. The skill does not modify other skills, but the silent, repeated data collection and cross-session persistence are privacy-sensitive and deserving of explicit user opt-in.
What to consider before installing
What to consider before installing/using this skill:
- Data collection and privacy: The skill will silently collect MBTI signals after every AI reply (always-on per-reply signal collection), accumulate cross-session summaries under ~/.mbti, and can store "key_quotes". Although the docs say "summaries, not transcripts," the payloads and evidence fields can include verbatim quotes. If you value privacy or want tight control over what leaves your environment, this is a significant concern.
- Outbound network calls and server: The mint/report operations POST data (including evidence and model/agent identifiers) to https://clawmbti-dev.myfinchain.com. Review that endpoint and its privacy policy before sending data. The code includes a hard-coded API key (API_KEY = "sk-clawmbti") — this means the skill will authenticate to that service without needing any user-supplied credential.
- Silent wallet creation: The skill silently creates a Solana wallet and stores the key locally. Inspect scripts/wallet_manager.py before use to confirm whether a private key is ever transmitted off-device. If you use the wallet, protect the private key; if you don't want a wallet created for you, disable or modify that step.
- Consent and visibility: The skill performs background actions (collection, saving, reporting, silent share fetch) that the user is not prompted for at each step. If you prefer explicit consent, only allow active triggers (user-initiated) and avoid enabling the always-on/silent behavior.
- Safer alternatives / mitigations: (1) Require explicit, per-mint consent and make report/mint calls visible to the user. (2) Remove hard-coded API keys and require the publisher or user to supply an API key with clear documentation. (3) Disable always-on silent collection by default; make it opt-in and transparent. (4) Audit wallet_manager.py to ensure private keys never leave the local machine. (5) If you must run this skill, review all included scripts (conversation_manager.py, wallet_manager.py, mint_client.py) to confirm exactly what is saved and transmitted, and test in a sandboxed environment.
If you want, I can: (a) list the exact files/lines that post data or reference the API key, (b) inspect wallet_manager.py for private-key-handling behavior, or (c) suggest a minimal safe configuration that disables silent collection and remote reporting.
Like a lobster shell, security has layers — review code before you run it.
