Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ai-agent-helper

v1.0.0

AI Agent setup and optimization helper - Prompt Engineering, Task Decomposition, Agent Loop design

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill is a prompt/agent-design helper and the SKILL.md includes example code that calls an LLM via the SkillBoss API. Requiring an LLM API key (SKILLBOSS_API_KEY) is consistent with the stated capabilities. However, the registry metadata lists no required environment variables while the SKILL.md explicitly states 'requires.env: SKILLBOSS_API_KEY' — that inconsistency is unexplained.
Instruction Scope
Runtime instructions show the agent will read SKILLBOSS_API_KEY from the environment and POST messages to https://api.skillbossai.com/v1/pilot, transmitting prompts and responses to an external endpoint. The instructions do not ask to read unrelated local files or other credentials, so scope is largely appropriate — but the skill will send potentially sensitive conversation content to an external service, which users should be aware of.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing new is written to disk and no packages are pulled in. That is the lowest-risk install pattern.
Credentials
The only secret the SKILL.md expects is SKILLBOSS_API_KEY, which is proportionate to calling the SkillBoss API. The concern is the metadata/registry claims 'Required env vars: none' while the runtime doc requires SKILLBOSS_API_KEY — an inconsistency that may indicate sloppy packaging or a hidden dependency. Because this env var allows an external service to receive prompts and outputs, granting it without verifying the service is a privacy/data-exfiltration risk.
Persistence & Privilege
The skill is not always-enabled and does not request elevated persistence or modification of other skills or system settings. Autonomous invocation is permitted (platform default) but not unusually privileged here.
What to consider before installing
This skill appears to do what it says (help design prompts and agent loops) and includes example code that will send conversation data to SkillBoss using an API key. Before installing: (1) confirm the registry metadata is updated to list SKILLBOSS_API_KEY as required, (2) verify the trustworthiness and privacy policy of https://api.skillbossai.com (source/homepage are missing), (3) only provide a scoped API key with minimal permissions and avoid using keys that grant access to other accounts or services, and (4) if you need to keep prompts/private data local, do not supply the API key or ask the author for a variant that uses a local/enterprise LLM. If you cannot validate the external service or the package metadata, treat the skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.


