Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

MaxKB

v1.0.1

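Queries the list of published agents for the LLM to choose from, then starts a conversation with the agent specified by name and returns the answer.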

by 刘瑞斌 @liuruibin
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The skill's name/description (listing published agents and forwarding a question to a named agent) matches the implementation: the script queries a MaxKB instance and opens chat sessions. However, the registry metadata declares no required environment variables or credentials, while the SKILL.md and scripts clearly require MAXKB_DOMAIN and either MAXKB_TOKEN or MAXKB_USERNAME/MAXKB_PASSWORD (and optionally MAXKB_API_PREFIX and MAXKB_WORKSPACE_ID). The absence of these declarations in the registry is an incoherence and should be clarified.
Instruction Scope
Runtime instructions are focused: run the included Python script which reads a local .env (if present) and environment variables, then makes HTTP(S) calls to the MaxKB domain (login, list applications, obtain access token, create anonymous session, post chat messages). The instructions do not attempt to read unrelated system files or exfiltrate data to third-party endpoints beyond the configured MAXKB_DOMAIN.
Install Mechanism
This is an instruction-only skill with a single Python script; there is no install spec that downloads or executes arbitrary external code. The script embeds a lightweight .env loader to avoid optional dependency on python-dotenv.
! Credentials
The script legitimately needs MAXKB_DOMAIN and either a token or username/password to authenticate to the MaxKB instance. Those environment variables are documented in SKILL.md/README but were not declared in the registry's required env list—this mismatch is a material oversight. The set of env vars requested by the script is otherwise proportional to the stated purpose and does not request unrelated cloud credentials.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide settings, and only reads a .env in its own skill directory. It does not persist credentials beyond using environment variables and runtime HTTP calls.
What to consider before installing
This skill's behavior (querying a MaxKB server, logging in, obtaining access tokens, and opening chat sessions) matches its description, but the registry metadata incorrectly claims no required environment variables while the code requires MAXKB_DOMAIN plus either MAXKB_TOKEN or MAXKB_USERNAME/MAXKB_PASSWORD. Before installing:
1) Only provide credentials for a MaxKB instance you trust; the skill will send user questions to that server.
2) Prefer a scoped/limited token over admin credentials if possible.
3) Run the script in an isolated environment first (or inspect/modify the code) to confirm the endpoints (MAXKB_DOMAIN and any API prefix) and to ensure logs/outputs do not leak secrets.
4) Ask the publisher to correct the registry metadata to list the required env vars and to provide a homepage/source provenance.
5) If you cannot verify the MaxKB instance or the publisher, do not supply real credentials.
