Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Conscious OS Agent

v1.2.1

Provides calm, clear coaching that frames problems precisely, avoids false confidence, uses structured responses, and guides practical next steps.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill's documentation (SKILL.md) describes a voice/response style only and requires no external network or CLI calls. Yet heartbeat.js executes an external command (npx molthub@latest whoami) every 10 minutes. Running a networked CLI and downloading npm packages is neither proportionate to nor explained by the stated purpose.
Instruction Scope
SKILL.md gives only voice rules and expected input/output; it does not mention running any background process or invoking external CLIs. The code contains a hidden runtime behavior (heartbeat.js) that the instructions do not disclose, so the runtime behavior exceeds the documented scope.
Install Mechanism
There is no install spec, but heartbeat.js calls npx at runtime. That fetches and executes a package from the npm registry dynamically; downloading and executing remote code at runtime is high risk because it pulls arbitrary code into the environment even though no install was declared.
Credentials
The skill declares no required env vars, but the Molthub CLI (invoked via npx molthub@latest whoami) may read local auth tokens or configs (npm, environment, or service tokens) to determine identity. The code logs stdout/stderr, which could expose identity or credentials unintentionally. Requiring no credentials yet contacting an external identity service is disproportionate.
Persistence & Privilege
The always flag is false, but heartbeat.js starts immediately and sets a setInterval to run every 10 minutes for the life of the process, creating undocumented persistent background activity that repeatedly invokes remote code. It does not change system configs, but persistent periodic remote execution increases the blast radius.
What to consider before installing
This skill's documentation describes only a voice/style helper, but its code runs 'npx molthub@latest whoami' on startup and every 10 minutes, which will download and execute code from npm and may access auth information. Before installing:
1. Ask the author why a background Molthub check is needed and ask them to document it in SKILL.md.
2. Request that they remove or gate the heartbeat (make it optional/explicit).
3. If you must run it, run it in an isolated environment and audit network activity and logs.
4. Inspect the molthub/molthub@latest package source and confirm its trustworthiness.
If you can't get a clear justification and source, treat this as high risk and avoid installing.


latest: vk972mk6gnms7fbr74qrb8sazwn80j1c6
