Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AI Governance, Security & Ethics Readiness Assessment

v1.0.0

Assess organizational maturity across AI Governance, Security, and Ethics & Compliance domains.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, SKILL.md examples, and the openapi.json all align: the skill is an assessment service that accepts assessment data and returns maturity scores and recommendations. No unrelated dependencies, credentials, or binaries are requested.
Instruction Scope
The SKILL.md provides request/response examples and endpoint paths (e.g., POST /api/ai-gse/assess) but does not specify a base URL/host or any authentication mechanism. Because the instructions describe submitting potentially sensitive organizational assessment data, the lack of explicit server and auth details is a concern: an agent executing these instructions might attempt to transmit data to an unspecified destination or make unsafe assumptions about where to send data.
Install Mechanism
No install spec and no code files beyond the documentation/openapi spec. This instruction-only form minimizes on-disk code risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. Nothing requested is disproportionate to a read-only assessment API specification.
Persistence & Privilege
Skill is not always-on, is user-invocable, and allows model invocation (platform default). It does not request persistent system changes or access to other skills' configs.
What to consider before installing
This skill appears to be an API specification for an AI governance/security/ethics assessment and is internally consistent, but exercise caution before sending any real organizational data. Confirm the service host and its ownership (there is no homepage or server URL in the files), and confirm how authentication and data handling are performed. If you plan to use it, either (a) provide a trusted internal/base URL and credentials, (b) test with non-sensitive sample data first, or (c) host the assessment service yourself. Do not allow the agent to autonomously POST sensitive assessment data until you have validated the endpoint, TLS, and privacy policies. Providing the skill author/source information or a servers entry in openapi.json would raise confidence.

Like a lobster shell, security has layers — review code before you run it.
