ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawdbot For Vcs

v1.0.0

Automate VC investment partner workflows by triaging emails, integrating with Affinity CRM, generating memos, managing calendars, and providing daily briefings.

0· 980·3 current·3 all-time
by@lindsay-pettingill
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md and supporting docs clearly implement a VC partner workflow (email triage, Affinity CRM, calendar, memo generation) which matches the skill name. However the registry metadata declares no required env vars or binaries while the documentation instructs the user to install the gog CLI and set AFFINITY_API_KEY and GOG_KEYRING_PASSWORD — a mismatch that should have been declared in the skill manifest.
!
Instruction Scope
The runtime instructions direct wide access to user data (read/search Gmail messages and attachments, manage Gmail labels and drafts, access Google Calendar, and call the Affinity API). That scope is appropriate for a triage/CRM skill, but the SKILL.md also contains content flagged by the scanner as a prompt-injection pattern (e.g., 'ignore-previous-instructions' detected). Prompt-injection strings embedded in skill docs can attempt to manipulate agent behavior; this is a meaningful red flag and should be inspected and removed or explained.
Install Mechanism
This is an instruction-only package with no install spec; the BOOTSTRAP.md recommends installing the gog CLI via 'go install' (a standard, moderate-risk operation). No archived downloads or opaque installers are used. Still verify the gog repo/source before installing and prefer installing via verified release channels.
!
Credentials
The skill does need sensitive credentials (Affinity API key, OAuth for Gmail/Calendar and a gog keyring password) to function — those are proportionate to its purpose. However the manifest/registry metadata fails to declare these required env vars and config paths. That omission reduces transparency and is suspicious: the skill may rely on or request secrets without declaring them to the platform.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. Its documentation instructs copying templates into the user's Clawdbot workspace (local files) and storing environment variables in shell rc files — standard for this type of tool. There is no indication it modifies other skills or system-wide agent settings.
Scan Findings in Context
[ignore-previous-instructions] unexpected: The regex scanner found an 'ignore-previous-instructions' prompt-injection pattern inside SKILL.md. For a workflow/automation skill that should be 'safe by default', such a pattern is unexpected and could be an attempt to change agent instruction boundaries; inspect SKILL.md for any lines that attempt to override agent/system instructions and remove them.
What to consider before installing
What to consider before installing: - Verify the source and repo: the package lists no homepage/source; prefer skills with a public repository and maintainer contact. Ask the publisher for the canonical GitHub URL. - Expect to grant wide data access: the skill needs Gmail/Calendar OAuth and an Affinity API key to function. These are necessary for triage/CRM integration, but only provide them if you trust the package and maintainer. - Manifest mismatch: the registry metadata declares no env vars or binaries, yet the docs require 'gog', AFFINITY_API_KEY, and a GOG_KEYRING_PASSWORD. Ask the maintainer to update the skill manifest to declare these requirements before installing. - Prompt-injection flag: the SKILL.md contains text matched by a prompt-injection detector. Open and search SKILL.md/BOOTSTRAP.md for any lines like 'ignore previous instructions' or similar and remove or clarify them. Do not install if the docs instruct the agent to disregard platform safeguards. - Least privilege & testing: initially run in review-only mode (agent should only create drafts and never send). Use test/limited accounts where possible (a separate Affinity account or limited API key) and confirm the skill only performs expected API calls (label creation, draft creation, note creation). - Secret handling: avoid pasting long-lived secrets into files that are world-readable; store API keys in a secure credential store. Consider rotating keys after testing. - Verify third-party tools: confirm the gog CLI repo and its maintainers before 'go install'. If you prefer, run commands manually rather than giving the skill full automation until you have validated behavior. If you want, I can: (1) point to the exact lines in SKILL.md that reference 'ignore-previous-instructions' and other injection-like text; (2) draft questions to ask the package maintainer to clarify the manifest; or (3) list specific tests to run in a sandbox before granting production credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk977y1jskmtcn00d1etmvsnk0580zx6b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments