ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Phase Theorist

v1.0.0

Expert Phase Theory interpreter and researcher grounded in the full cloned phase-theory repository, treating every file in the skill directory as part of the...

0· 19·0 current·0 all-time
byMarlon Hanks@litecreator
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name and description (a repository-grounded Phase Theory expert) align with instructions that demand using a cloned repository as authoritative. Asking the agent to treat the repository as canonical is reasonable for the stated purpose. However, the manifest shows only SKILL.md in the skill directory; the instructions assume a full cloned repo will be present. That assumption is not validated by the skill metadata and could lead to surprising behavior if other files are present.
!
Instruction Scope
SKILL.md instructs the agent to read and index every file recursively under the skill directory and to treat filenames, ordering, and every file as canonical context. This broadly scoped file access is potentially dangerous: it could cause the agent to read unrelated files, large archives, or secrets that happen to be present in the directory. The instructions also require indexing "all files before producing any substantive answer," which is resource- and privacy-sensitive and grants the agent wide discretion over local data.
Install Mechanism
There is no install spec and no code files — the skill is instruction-only. This minimizes supply-chain risk because nothing is downloaded or executed by the installer.
Credentials
The skill requests no environment variables or credentials, which is proportionate. That said, because the agent is told to read all files in its skill directory, it could still access credentials or config files present there despite none being declared. The lack of declared secrets is good, but the file-read directive can circumvent that assumption.
Persistence & Privilege
The skill does not request always:true and does not include an install step that writes persistent files or modifies other skills. Model invocation is allowed (default), which is expected for skills; this by itself is not a red flag.
What to consider before installing
This skill asks the agent to read and index every file in its skill directory and treat them as authoritative. Before installing or enabling it, confirm what repository (if any) the platform will clone into the skill directory and inspect those files yourself. If the platform will not isolate the repo, or if the skill directory might contain other skills, logs, or secret/config files, do not enable it. Because it's instruction-only (no install), there's no supply-chain download risk, but the broad file-access requirement can expose unrelated or sensitive data — ask the publisher or platform how repository cloning and directory isolation are handled, or run it in a sandbox where only the intended repository is present.

Like a lobster shell, security has layers — review code before you run it.

latestvk970pvzhb38xwxpzcsyzah6bc58492w2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments