ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Multimedia Gaming

v1.0.0

AI-powered platform that generates personalized career roadmaps for multimedia and gaming professionals based on skills assessment and learning goals.

0· 21·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description claim an API that generates personalized career roadmaps; the SKILL.md and openapi.json consistently describe endpoints and request/response schemas. However, there is no server URL, no implementation code, and no installation instructions — the skill is documentation-only, which may be legitimate but means it cannot actually call a backend as-is.
Instruction Scope
The SKILL.md contains API usage examples, request/response samples, and endpoint descriptions only. It does not instruct the agent to read unrelated files, environment variables, or system state, nor to transmit data to unexpected external endpoints. It stays within the stated domain (career roadmap generation).
Install Mechanism
No install specification and no code files to write or execute. This is the lowest-risk install model (instruction-only).
Credentials
The skill declares no required environment variables, credentials, or config paths. Nothing here requests access to unrelated secrets or systems.
Persistence & Privilege
always is false and agent autonomous invocation is not disabled (normal defaults). The skill does not request persistent presence or system-level modifications.
What to consider before installing
This package is essentially API documentation (SKILL.md + OpenAPI) with sample payloads but no server URL, code, or provenance. Before installing or using it: 1) Verify the skill's source and ask the publisher for the service endpoint, hosting, and privacy/terms. 2) Don't send real or sensitive personal data (PII, account identifiers) to sample session/user fields until you confirm where requests are sent and how data is stored. 3) Expect that, as-is, the skill cannot contact a backend (openapi.json has no servers) — confirm whether the integrator will provide a hosted API or an implementation will be added. 4) If you need to proceed, test with non-sensitive dummy data and require HTTPS and an authenticated API with a documented privacy policy. These steps will reduce risk given the unknown origin and the incomplete nature of this skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97eby3w3pn1g3w9w26v1e1x29848w13

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments