Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

btw command

v1.0.0

Ask non-blocking clarifying questions during agent workflows. Use when agents need user input without halting execution. Handles deployment decisions, code r...

by claw0x@kennyzir
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability (flagged)
The skill's stated purpose is to provide non-blocking, queued questions with notifications via multiple channels. The code implements a simple in-memory queue and console logging only (no notification channels, no persistence). The required capabilities (none) are appropriate, but the feature claims (multi-channel notifications, durable queue) are not implemented in handler.ts.
Instruction Scope (flagged)
SKILL.md emphasizes non-blocking behavior ('agent continues working while waiting') and gives examples that imply background queuing. The implementation's run() awaits waitForAnswer, which blocks until an answer or timeout, so calling agent.run('btw', ...) will block the caller unless invoked without awaiting. SKILL.md also suggests notifying users through channels; the code only logs to console. This mismatch could lead to incorrect integration assumptions (e.g., relying on non-blocking semantics or persistence).
Install Mechanism
No install spec and only a single small TypeScript handler are included; nothing is downloaded or written during install. This is low-risk from an installation/execution standpoint.
Credentials
The skill requests no environment variables, no credentials, and the code does not read env vars or config paths. That is proportional to its described local utility.
Persistence & Privilege
The skill does not request persistent presence (always:false) and runs locally. However, it stores questions only in memory — pending questions will be lost on process restart — which is not highlighted in the documentation and may be important for real-world use (especially for deployment/security prompts).
What to consider before installing
This skill appears to be low-risk code that runs locally (no network calls or credentials), but the documentation and implementation are not fully aligned. Before installing or using it in production:

- Understand blocking behavior: run() waits until an answer or timeout. If you need true non-blocking behavior, you must call it without awaiting or change the integration to poll listPendingQuestions and call answerQuestion later. The examples in SKILL.md can be misleading.
- Notifications and durability are not implemented: the README mentions multi-channel notifications and persistent queuing, but the handler only logs to console and keeps questions in memory. If you need notifications or persistence across restarts, you'll need to extend the skill or provide external plumbing.
- Test in a safe environment: because blocking behavior could pause agent workflows or deployment tasks until timeout, validate workflows in staging before relying on this for critical decisions.
- The skill exposes answerQuestion() and listPendingQuestions(), which you can use to implement your own UI/notification integration; consider adding secure persistence and notification hooks if you intend to use this for security- or deployment-critical prompts.

Overall: not malicious, but the documentation over-promises features that aren't implemented; treat this as an incomplete/local helper and verify behavior before trusting it in important flows.
