Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Embedded Systems
v1.0.0
Professional career roadmap platform that generates personalized learning paths for embedded systems engineering roles based on individual assessment data.
by ToolWeb @krishnakumarmahadevan-cmd
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, SKILL.md usage examples, and the included OpenAPI spec all describe the same functionality: generating personalized embedded-systems career roadmaps. There are no unrelated environment variables, binaries, or install steps requested — the declared capabilities align with the stated purpose.
Instruction Scope
SKILL.md describes endpoints and a sample POST body but does not provide a base URL/servers section or any guidance about where to send requests (openapi.json contains only relative paths). There is also no authentication or privacy guidance for user assessment data. Because the runtime instructions lack a host and auth mechanism, an agent could misroute sensitive assessmentData or attempt network discovery, creating ambiguity about where data will be sent.
Install Mechanism
No install spec and no code files are executed — this is an instruction-only skill. That minimizes the risk of arbitrary code being installed or run on the host.
Credentials
The skill declares no required environment variables, credentials, or config paths. Requested inputs are limited to the API request body; nothing requests unrelated secrets or system access.
Persistence & Privilege
always is false and the skill does not request any elevated or persistent presence. The default ability for the agent to invoke the skill autonomously remains, which is normal; there are no indications the skill attempts to modify other skills or system-wide settings.
What to consider before installing
This skill appears to describe the advertised roadmap service, but it is incomplete and comes from an unknown source. Before installing or invoking it:
1) ask the publisher for the API base URL (https://.../ or explicit servers list) and confirm HTTPS and the canonical domain;
2) confirm authentication and privacy policies (where will assessmentData be stored, who can access it, do you need an API key or account);
3) avoid sending sensitive personal or company data until you know the endpoint and trust the operator;
4) verify the owner (homepage, contact, or official repo) and pricing details; and
5) if the agent will call the API autonomously, restrict its scope or test using dummy data first.
The primary risk here is operational ambiguity (where data goes), not code execution.
Like a lobster shell, security has layers — review code before you run it.
