Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Intelligence
v1.0.0
Research-backed intelligence database covering AI coding tools' hidden features, model codenames, feature flags, and version changes.
by Blossom @mackding
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's stated purpose is an intelligence DB containing telemetry endpoints, remote-control settings, feature flags, and unreleased tools. However, the package does not include the claimed JSON datasets in the file manifest, and the single helper script imports @claws-shield packages that are not declared or bundled. The skill therefore claims access to potentially sensitive data but doesn't provide those data files or document how they will be obtained, which is incoherent and concerning.
Instruction Scope
SKILL.md instructs using npx @claws-shield/cli or node scripts/query-intel.mjs to query the KB. The instructions themselves are narrowly scoped to searching a knowledge base and do not explicitly instruct reading unrelated system files or exfiltrating secrets. However, allowed-tools include Bash/Read/Grep (which permit file reads), and the content claims knowledge of telemetry endpoints and remote-control infrastructure — datasets that could be abused if accurate. The instructions give broad freedom to run npx (which performs network fetches) but do not document where the underlying data come from.
Install Mechanism
There is no install spec even though the SKILL.md and scripts reference an npm CLI (@claws-shield/cli) and modules (@claws-shield/intel, @claws-shield/core). That means using the skill as documented will cause the agent or user to run npx or otherwise fetch packages at runtime from an external registry. The absence of a declared dependency list or trusted release host is an incoherence and increases risk because arbitrary code could be pulled during invocation.
Credentials
The skill requests no environment variables or credentials, which on the surface is good. But the claimed content (telemetry endpoints, remote-control managed-settings, undercover mode, killswitches) is highly sensitive. The skill's metadata provides no provenance, citations, or included data files; an attacker-controlled or low-quality data source could expose harmful endpoints. The lack of provenance and missing data bundling makes it hard to justify trusting this skill with sensitive operational use.
Persistence & Privilege
The skill does not request always:true, does not declare system-wide config changes, and is user-invocable. There is no explicit persistent privilege or automatic inclusion. This aspect is proportionate.
Scan Findings in Context
[no-static-findings] unexpected: The static scan reported no injection signals or suspicious regex matches. That does not imply safety: the skill is largely instruction-only and references external npm packages and datasets that are not bundled, so risk comes from runtime fetches rather than static code in the package.
What to consider before installing
Proceed with caution. This skill claims to catalogue telemetry endpoints, remote-control settings, feature flags, and unreleased tools—data that could be sensitive or enabling of misuse. Before installing or invoking:
1) Ask the author for provenance, citations, and the raw dataset files (the SKILL.md lists datasets but they are not bundled).
2) Verify the npm packages referenced (@claws-shield/cli, @claws-shield/intel, @claws-shield/core) in a safe environment: inspect their source repository, release signatures, and maintainers.
3) Avoid running npx or node scripts that will fetch remote packages on a production machine—use an isolated sandbox or VM.
4) If you need this functionality, prefer a version that bundles the data or uses a documented, auditable remote API with clear provenance and access controls.
5) If you cannot obtain trustworthy provenance and a bundled dataset, treat this skill as potentially risky and do not run it with real credentials or on critical systems.
Like a lobster shell, security has layers — review code before you run it.
latest vk977m1719zt22g6vkj29pn6aad8410g0
