Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
XDV Engineer
v1.0.0
Expert XDV Engineer grounded in the full XDV platform, with the XDV Specification as canon and all XDV organization repositories treated as supporting corpus.
by Marlon Hanks (@litecreator)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The skill's stated purpose is to operate over the full XDV platform repos as an authoritative corpus. However, the package contains no repository files and no install spec to fetch them (no git clone, no download). That mismatch means the skill either assumes an out-of-band provisioning mechanism (not documented) or is incomplete. Requesting the entire org as corpus is plausible for an 'XDV Engineer', but only if the repositories are actually provided or fetched; here they are not.
Instruction Scope
SKILL.md instructs the agent to treat 'every file cloned into the skill directory' (including README, CI, configs, scripts, tests, templates) as working corpus and to not limit reasoning to top-level docs. This is broad: it will cause the agent to parse and potentially expose any file present in the skill directory (which may contain secrets or unrelated data). The instructions also do not include steps to obtain the repos, so it's unclear what files the agent should read.
Install Mechanism
There is no install specification and there are no code files, so from a disk-write/execution-risk perspective this is low risk. However, the lack of an install mechanism is the root of the coherence problem: the skill claims to operate over cloned repos but does not provide or fetch them. A correct package should either bundle the required corpus or include a safe, documented fetch step (with integrity checks).
Credentials
The skill declares no required environment variables or credentials, which is proportionate. That said, the instruction to ingest all files in the skill directory means it could process sensitive configuration or credential material if present — a data exposure risk unrelated to declared env vars.
Persistence & Privilege
The skill is not marked 'always: true' and uses default autonomous invocation settings. It does not request persistent system privileges or to modify other skills/config. No persistence/privilege red flags in metadata.
What to consider before installing
Before installing, ask the publisher to clarify how the XDV repositories are provided: either include the canonical xdv-spec and necessary repos in the skill bundle or add a documented, auditable install step that clones from the official GitHub URLs and verifies commit hashes. Inspect the repository contents (or require the publisher to provide commit SHAs) before enabling the skill: the SKILL.md explicitly authorizes reading all files in the skill directory (including CI, configs, scripts, templates), which could contain secrets or unrelated data. If you plan to allow autonomous invocation, prefer a version that: (1) restricts the working corpus to a minimal set (e.g., xdv-spec and a small set of implementation repos), (2) documents integrity checks (commit hashes), and (3) limits which file types or paths the agent may consume. If the publisher cannot explain the missing install/fetch steps and provide reproducible provenance, avoid installing or run the skill in a tightly sandboxed review environment first.
