Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

One Person Company OS

v0.6.5

Turn an AI product idea into a real one-person company loop across product, sales, delivery, cash, and assets.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The package contains a large set of scripts and templates that fit the stated purpose (creating and maintaining a localized founder workspace, advancing product/pipeline/delivery/cash, and persisting state). However, SKILL.md and many examples assume Python 3.7+ and explicit local script execution (python3 scripts/...). The registry metadata declares no required binaries or primary credential, which is inconsistent: running this skill in Mode A requires a Python runtime and file-system write access.
Instruction Scope
Runtime instructions explicitly direct the agent to run local Python scripts that create and modify a workspace and a hidden machine-state file (.opcos/state/current-state.json). The instructions emphasize user approval for high-risk actions and avoid exfiltration, and they do not request secrets. Still, scripts perform persistence and generate customer-facing artifacts (including a static demo HTML), so they will create files and could include logic that interacts with the network or system if present in scripts.
Install Mechanism
There is no declared install spec even though the package includes many Python scripts and an 'ensure_python_runtime.py' helper intended to adjust or install a compatible interpreter. That helper could modify the runtime environment or attempt downloads. Absence of an install mechanism in metadata is an incoherence and raises risk because executing the included code may perform unexpected operations; the package should have declared required binaries and a vetted install path.
Credentials
The skill declares no required environment variables, no credentials, and no config paths other than the workspace path and the hidden machine-state file under the workspace (.opcos/state/current-state.json). The requested environment access appears proportionate to the stated purpose (local workspace persistence). No secrets or unrelated service tokens are requested in SKILL.md or visible files.
Persistence & Privilege
The skill is not force-installed (always: false) and normal autonomous invocation remains allowed. It does persist state and write workspace files, including a hidden machine-state file and localized visible artifacts; this is coherent with its purpose. However, because it includes many scripts capable of arbitrary filesystem writes, users should be aware of the write scope and run in an isolated folder or VM. No evidence that it modifies other skills' configs was found in the visible documents.
What to consider before installing
This skill is functionally coherent: it includes code and instructions to create and manage a localized founder workspace and to run Python scripts that update files and persist machine state. However, note these risks before installing or running it:
- Metadata omission: the SKILL.md assumes Python 3.7+ and direct execution of scripts, but the package metadata lists no required binary. Expect to need a local Python interpreter; the included ensure_python_runtime.py may attempt to change your environment — inspect it first.
- Executing code writes files: the scripts will create and modify files (including .opcos/state/current-state.json and visible workspace documents). Run them in an isolated directory, container, or VM and back up anything important first.
- Audit high-risk scripts: review ensure_python_runtime.py, scripts/common.py, and any script that mentions network or publishing functionality (e.g., generate_artifact_document.py, validate_release.py, or publishing-related docs). Look for any network calls, downloads, or code that executes external commands.
- No credentials requested, but avoid supplying secrets: the skill does not require API keys, which is good; do not paste credentials into the workspace or prompts unless you understand why they're needed.
- If you lack the ability to audit: prefer running only in a sandbox (Docker/VM) or decline. If you want to proceed, run python3 scripts/validate_release.py locally to observe what the scripts do, and consider grepping the repository for 'requests', 'urllib', 'subprocess', 'curl', or explicit hostnames like 'clawhub.ai' to confirm network behavior.
If you want, I can: (a) list the top files to inspect (ensure_python_runtime.py, common.py, validate_release.py, generate_artifact_document.py), (b) scan the visible scripts for obvious network or subprocess usage, or (c) suggest a safe command sequence to run the package inside a container.

Like a lobster shell, security has layers — review code before you run it.
