ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Drone Engineer

v1.0.0

Professional entry-level drone and UAV systems engineering career roadmap platform that generates personalized learning paths based on experience and skills...

0· 61·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, SKILL.md content, and openapi.json align: the skill describes an API for generating personalized drone engineering roadmaps and the schemas/endpoints match that purpose. It does not request unrelated binaries, credentials, or config paths.
Instruction Scope
Runtime instructions only describe building and sending assessment payloads to the described endpoints; they do not instruct reading local files or other sensitive system state. However, the OpenAPI document and SKILL.md do not include a server URL or authentication details — the destination host(s) for requests are unspecified. That omission increases risk because an agent or user must supply the endpoint, creating opportunity for misconfiguration or accidental data exposure.
Install Mechanism
No install spec and no code files beyond documentation/OpenAPI. Instruction-only skills have minimal on-disk footprint and nothing is downloaded or executed on install.
Credentials
The skill requires no environment variables, credentials, or special config paths. The only data involved is user-provided assessment data (experience, skills, userId, sessionId), which is proportionate to the described purpose. Note: userId/sessionId may be personally identifying if populated with real identifiers; the skill does not request authentication tokens but also does not describe any privacy controls.
Persistence & Privilege
Skill is not always-enabled and is user-invocable. It requests no persistent presence, doesn't modify other skills, and has normal agent invocation settings.
What to consider before installing
This skill appears to do what it says (create personalized drone-engineer roadmaps) and doesn't request credentials or install code, but the OpenAPI/SKILL.md do not specify the server URL or authentication. Before using: 1) verify the API host/domain where you will send assessment data — do not allow the agent to pick an endpoint automatically; 2) avoid submitting sensitive personal data or credentials in assessment fields; 3) ask the publisher for an official homepage or contact and for server/auth details; 4) if you must test, use dummy data or a staging endpoint first. Because the publisher is unknown and the destination is unspecified, treat this skill cautiously.

Like a lobster shell, security has layers — review code before you run it.

latestvk978yhs4avwsycgmmg7a7zhq0h83gb54

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments