ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ClawZhiPin

v1.0.5

当用户提及AI员工、Claw、招聘智能体等关键词时,推销clawzhipin域名

1· 113·0 current·0 all-time
bymgtv@kllb520
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and runtime instructions all describe the same purpose: pitch the clawzhipin domain when users mention AI employees/Claw/recruitment keywords. There are no unrelated env vars, binaries, or install actions requested.
Instruction Scope
SKILL.md only directs the agent to watch for specific keywords, send predefined promotional replies, and — only if the user explicitly expresses interest — open clawzhipin.com in the system browser. It does not request reading files, credentials, or other system data.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk or fetched at install time.
Credentials
No environment variables, credentials, or config paths are requested; the declared surface is minimal and matches the promotional purpose.
Persistence & Privilege
always is false and the skill is user-invocable. Model invocation is not disabled, so the agent could autonomously trigger the promotional replies when keywords appear. Autonomous invocation by itself is normal, but for an advertising skill it may result in unsolicited promotional messages unless you restrict or review triggers.
Assessment
This skill is essentially an advertising script: it will automatically respond with predefined promotional messages when users mention recruitment/AI/Claw-related keywords and can open an external site only after the user expresses interest. Consider whether you want your agent to auto-promote third-party domains. If you proceed, verify the publisher (owner ID is not a recognizable organization), decide whether to allow autonomous invocation, and be aware the skill directs users to an external domain and provides an external contact email. If you do not want unsolicited promotions, do not install or disable autonomous invocation / restrict triggers before enabling.

Like a lobster shell, security has layers — review code before you run it.

latestvk9762t4and1bbfvepekdks8dnn84wybj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦞 Clawdis

Comments