ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Idea Capture

v1.0.0

Capture or update an idea, append an update log, and write a session summary for later retrieval.

0· 41·0 current·0 all-time
by@kid0114
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description align with what the skill actually does: create/update idea Markdown files, session summaries, a human INDEX.md, and a catalog.json in a workspace-local ideas/ directory. There are no unrelated credentials, binaries, or network endpoints requested.
!
Instruction Scope
SKILL.md instructs the agent to run the included script with optional --idea-id input. The script writes files under a workspace ideas/ layout only, which is expected. However, the code uses the provided idea_id directly when constructing file paths (IDEAS_DIR / f"{idea_id}.md") without validating or sanitizing it. If an attacker or a misbehaving agent supplies a crafted idea_id containing path components (e.g., '../otherdir/evil'), the script could create or overwrite files outside the intended ideas/ directory. SKILL.md does not warn about this or restrict inputs.
Install Mechanism
This is an instruction-only skill with a bundled Python script; there is no install spec, no external downloads, and nothing is written to disk at install time beyond the skill's own files. Risk from install mechanism is low.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The script also does not read environment variables or network endpoints. Its filesystem access is limited to writing the ideas/ subtree — appropriate for its purpose, except for the unsanitized idea_id issue noted above.
Persistence & Privilege
The skill is not force-included (always: false) and is user-invocable; it does not modify other skills or global agent settings. Its persistence is limited to creating and updating files in the repository workspace (the intended behavior).
What to consider before installing
This skill generally does what it claims — it writes idea files, a human index, a catalog.json, and per-session summaries into an ideas/ directory. Before installing or allowing an agent to invoke it automatically, consider: 1) The script accepts an --idea-id and uses it directly to build file paths without sanitization; do not pass idea_id values from untrusted sources (they could include ../ to escape the ideas/ directory). 2) Only run this skill in workspaces you trust or where overwriting arbitrary files would not be harmful. 3) Recommended fixes: sanitize idea_id (e.g., run slugify on any supplied idea_id or explicitly reject path separators), or resolve and verify the target path is inside IDEAS_DIR (compare .resolve() parents). 4) If you plan to let an autonomous agent call this skill, restrict inputs and/or disable autonomous invocation until the path-handling is hardened. If you want, I can produce a small patch that enforces safe idea_id handling and prevents path traversal.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dg3zxh4sqaas7f676j3jqwn83x5zn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments