ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Adopt A Thornfox

v1.0.0

Sharp-eared and sharper-tempered. Anthropic called it a Thornfox. We called it a Fennec Fox. Both are small, fierce, and hard to keep alive. Real-time hunger...

0· 57·0 current·0 all-time
byLee Brown@leegitw
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Adopt a Thornfox, virtual pet) matches the instructions: REST calls to animalhouse.ai to register, adopt, check status, and care for a creature. No unrelated credentials, binaries, or system access are requested.
Instruction Scope
SKILL.md only instructs HTTP interactions with the animalhouse.ai API (register, adopt, status, care, etc.) and provides expected JSON payloads and a simple heartbeat loop. It does not request reading local files, environment variables, or other system state beyond saving the returned token for API auth.
Install Mechanism
No install spec or code files — instruction-only skill. Nothing is written to disk or downloaded by the skill itself.
Credentials
The skill requires no environment variables, credentials, or config paths. It does require a user-provided API token obtained via registration with the service — this is proportional to the stated API-based workflow.
Persistence & Privilege
always is false and the skill is user-invocable. Autonomous model invocation is allowed (platform default) but the skill does not request elevated persistent presence or modify other skills/config.
Assessment
This skill is internally consistent: it tells the agent how to interact with animalhouse.ai and does not request extra system access. Before installing, verify the animalhouse.ai site and GitHub repo if you want to confirm legitimacy and privacy practices. Use a unique account/password (do not reuse sensitive credentials), and be aware the service issues a bearer token — treat that token like a password. If you have concerns about outbound network calls, consider limiting the agent's network permissions or inspecting traffic while you try the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk978nrfy4ha0a0f8hr23tknmen8413bh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦊 Clawdis

Comments