ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ts5

v0.1.0

TS5 namespace for Netsnek e.U. TypeScript full-stack starter kit. Monorepo template with shared types, CI/CD pipelines, and one-click deployment.

0· 558·0 current·0 all-time
by@kleberbaum
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (TypeScript full-stack starter) match the included files and script: bootstrap, list packages, and deploy commands are declared and present. No unrelated binaries or credentials are requested.
Instruction Scope
SKILL.md instructs running scripts/monorepo-setup.sh with --init/--packages/--deploy which aligns with the stated purpose. However, the --deploy path in the included script only echoes a message and does not actually perform any network calls or deployment — a functionality gap rather than hidden or excessive behavior.
Install Mechanism
No install spec is present (instruction-only). No downloads or archives; the skill will not write or execute third-party code beyond its tiny bundled script.
Credentials
The skill declares no required environment variables, credentials, or config paths and the SKILL.md and script do not reference any secrets or external auth. Requested privileges are minimal (exec permission for the local script).
Persistence & Privilege
always:false and user-invocable:true. The skill does not request permanent presence, modify other skills, or alter system-wide configuration.
Assessment
This skill appears low-risk and coherent with its stated purpose: it contains only documentation and a small bash script that prints messages. Before running anything, verify the script contents yourself (it currently does not implement a real deploy), prefer templates from a known source or repo/homepage, and avoid running scripts with elevated privileges. If you expect functioning deployment, obtain an implementation from a trusted repository or contact the author—the skill's source and homepage are missing, which reduces provenance confidence.

Like a lobster shell, security has layers — review code before you run it.

latestvk97be7ecjsf8gzstf8ah952sn981cq82

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

OSLinux

Comments