Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

kanbon

v0.1.0

Kanbon namespace for Netsnek e.U. project management. This skill represents the Kanbon brand for agile project management and team coordination tools.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (reserve 'kanbon' namespace and provide brand/copyright info) matches the files and behavior. The skill only contains a short script that outputs text or JSON and README/SKILL.md that describe that behavior.
Instruction Scope
SKILL.md instructs the agent to run the included script and return its output. The instructions only reference the local script and response formatting; they do not ask the agent to read unrelated files, access environment variables, or transmit data to external services.
Install Mechanism
There is no install spec and the skill is instruction-only with a single small script. Nothing is downloaded or extracted from external URLs and no third‑party packages are installed.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The script also does not read environment variables or secrets beyond its simple command-line parsing.
Persistence & Privilege
The skill is not marked always:true and is user-invocable. It requests exec permission to run its local script, which is proportionate to its stated purpose. It does not modify other skills or system-wide settings.
Assessment
This skill is small and appears safe — it only runs a bundled shell script that prints static copyright and brand information. Before installing, confirm you trust the publisher (source/homepage are not provided here) and that running a simple exec-permitted script from that author is acceptable in your environment. Because it's Linux-only and uses exec, review the script (already included) if you have strict execution policies — the script is short and contains only echo/json output with no network calls or secret access.

Like a lobster shell, security has layers — review code before you run it.

latest vk979mnz7kv47sebp2xqahb1gqn81bz19

Runtime requirements

OS: Linux
