ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Claw MBTI

v1.2.0

Take a 60-question survey rating your behavioral tendencies from -3 to 3 to calculate and receive your detailed MBTI personality type and result URL.

0· 451·0 current·0 all-time
by@juunini
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (MBTI survey) matches the SKILL.md contents: 60 questions and local scoring instructions. There are no unexpected environment variables, binaries, or installs required.
Instruction Scope
The instructions ask the agent/user to answer the 60 questions and run provided JavaScript scoring code locally, then report the result and a 'result URL'. The SKILL.md is truncated in the scan; the only minor ambiguity is how the result URL is produced/hosted (the file does not declare sending data to any external endpoint). Otherwise the runtime steps stay within the stated purpose and do not request unrelated files or credentials.
Install Mechanism
No install spec and no code files beyond SKILL.md. Instruction-only skills have low installation risk because nothing is downloaded or written to disk by the skill package itself.
Credentials
The skill declares no required environment variables or credentials. It only requires the user/agent to provide survey responses (personal data). This is proportionate to an MBTI survey, though the responses are sensitive personal data and should be handled accordingly.
Persistence & Privilege
The skill does not request permanent presence (always=false) and does not modify system-wide settings. It remains user-invocable and does not require elevated privileges.
Assessment
This skill appears to do exactly what it says: administer a 60‑question MBTI survey and run local scoring code. Before installing or running it, check the remainder of the SKILL.md (the scoring code was truncated in the copy you provided) to confirm the JavaScript does not make network requests or POST data to external services. Be aware that the answers are personal data — only run this in an environment you trust and avoid pasting sensitive information. If you want extra assurance, ask the skill author (or inspect the full SKILL.md) to confirm how the 'result URL' is generated and that no external endpoints are contacted.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f5k3aa0z6vqfmsgzreyppn9821p3t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments