ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Rubicon Sentinel v2 — Sovereign Forge

v2.0.0

Rubicon Sentinel v2 is the no-cope geopolitical sovereignty scanner for OpenClaw. Inspired by Secretary Marco Rubio's Munich 2026 masterclass, it delivers re...

0· 686·1 current·1 all-time
by@lgmnemesis
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the instructions: the SKILL.md consistently describes a web_search/web_fetch driven geopolitical scoring tool using the included query/quotes/scoring references. There are no unrelated binaries or heavy install steps—functionality is proportional to purpose.
!
Instruction Scope
Instructions correctly limit activity to web_search/web_fetch queries and the local reference files, but they also reference using TWITTER_BEARER_TOKEN for X/Twitter queries and claim 'Persistent memory + Grok Imagine-ready visuals.' The registry metadata lists no required environment variables or config paths, yet the runtime instructions expect optional external credentials and persistent memory behavior—this is an inconsistency that affects runtime behavior and data flow expectations.
Install Mechanism
Instruction-only skill with no install spec and no code files means nothing is downloaded or written by an install step. This is low install risk.
!
Credentials
Registry declares no required env vars, but SKILL.md explicitly uses an optional TWITTER_BEARER_TOKEN for social queries and may rely on image-generation credentials (not declared). The absence of declared primaryEnv or required envs makes it unclear how optional credentials will be requested, stored, or used—this mismatch should be clarified before supplying secrets.
Persistence & Privilege
SKILL.md mentions 'Persistent memory' and trend tracking across scans, but the package lists no config paths or storage permissions. Persistence likely relies on platform agent memory rather than files, but how long data is stored and where is not specified—ask the author how memory is used and whether scan data is retained or exported.
What to consider before installing
This skill appears to do what it claims (web-search driven sovereignty scoring) but has a few mismatches you should resolve before installing or supplying secrets: 1) The runtime docs reference an optional TWITTER_BEARER_TOKEN and image-generation credentials but the registry declares no required env vars—do not provide tokens until the skill explicitly declares how it accepts/stores them. 2) The skill claims 'persistent memory' but gives no detail on where scan history is kept or for how long—ask how memory is managed and whether past scans or fetched results are retained or shared. 3) The content is explicitly partisan and uses loaded framing (quotes, 'red pills', 'forge' language); consider bias risk if you need neutral analysis. If you decide to proceed, test the skill in a limited environment without supplying credentials, and request the author update the metadata to declare optional env vars and storage behavior so you can make an informed decision.

Like a lobster shell, security has layers — review code before you run it.

geopoliticsvk97cmf5ka202707r1fppd4m6nd81740platestvk9797dz7rwnypk8j53r85j6bqs81b9a8rubiovk97cmf5ka202707r1fppd4m6nd81740psovereigntyvk97cmf5ka202707r1fppd4m6nd81740p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments