ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

External Ki Integration Backup

v1.0.0

Skill for accessing external AI services (ChatGPT, Claude, Hugging Face, etc.) via browser automation (Chrome Relay) and APIs to assist with tasks.

0· 540·2 current·2 all-time
by@konscious0beast
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to mediate external AI services via browser automation and APIs, and the SKILL.md contains concrete browser-relay and API call patterns that match that purpose. However, the manifest/registry metadata lists no required env vars or config paths while the SKILL.md explicitly references a local config (~/.openclaw/openclaw.json) and several optional API keys (OPENAI_API_KEY, ANTHROPIC_API_KEY, HF_TOKEN). The omission in metadata is an inconsistency the publisher should explain.
!
Instruction Scope
Instructions direct the agent to navigate user-attached Chrome tabs, interact with logged-in web UIs, extract chat responses, and read/write to local paths (e.g., ~/.openclaw/openclaw.json, system/logs/hf-costs.log) and update skills/index.md. Accessing browser sessions and local config/log files can expose sensitive data; while this is within the skill's stated function, the instructions also reference files and edits outside the immediate task without those paths being declared in metadata.
Install Mechanism
This is instruction-only (no install spec, no code files). That reduces supply-chain risk because nothing is downloaded or written at install time by the skill itself.
!
Credentials
The SKILL.md expects optional API keys (OPENAI_API_KEY, ANTHROPIC_API_KEY, HF_TOKEN) and may read a token from ~/.openclaw/openclaw.json, yet the registry metadata declares no required env vars or config paths. Optional credentials are reasonable for API calls, but the discrepancy and the ability to read an on-disk token (not declared) are proportionality concerns — the skill can access both web-session data and local stored tokens, increasing sensitive access surface.
Persistence & Privilege
The skill does not request always: true and has no install step, so it does not demand permanent elevated presence. It does suggest adding itself to skills/index.md (a local documentation/config file) which would modify agent state; editing its own index entry is plausible but should be explicit and limited to its own directory.
What to consider before installing
Before installing or invoking this skill: (1) Verify the publisher/source — the registry metadata omits config/env references that appear in the runtime instructions. (2) Only attach Chrome tabs that you explicitly permit the agent to read; do not attach tabs containing private chats, passwords, or sensitive data. (3) Be cautious supplying API keys; prefer temporary or scoped keys and revoke them after use. (4) Inspect your ~/.openclaw/openclaw.json and any logs the agent might read/write; if you don't want the skill to read that file, do not grant it access and ask the publisher to remove that behavior. (5) Ask the publisher to update registry metadata to declare the optional env vars and config paths the skill uses; lack of declared requirements is a red flag. If you cannot confirm these points, treat the skill as risky and avoid providing credentials or attaching sensitive browser sessions.

Like a lobster shell, security has layers — review code before you run it.

latestvk9726m1ffxs6f9seq8nv4v9mnn81m1nb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments