Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

smart-auto-note

v1.0.0

Semantic recognition automatically classifies content and writes it into Obsidian notes; supports automatic archiving of to-dos.

License: MIT-0. Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The stated purpose (semantic classification plus appending to Obsidian files) matches the code's file-write behavior, but the package metadata and HTML claim background reminders, cron triggers and a message.send tool that index.js no longer implements. The code also hardcodes BASE_DIR = '/Users/macbook/Documents/OC_club' instead of using a configurable workspace path, which is brittle and unexpected.
Instruction Scope
SKILL.md requests only filesystem read/write access and describes reminder, cron and archiving behavior. The code implements classification and append-only writes and explicitly avoids network calls, but many of the described features (reminder persistence, a cron handler, reminder creation/synchronization) are referenced only in metadata, HTML or comments and are absent from or removed from index.js. SKILL.md does not disclose the hardcoded filesystem path the code uses.
Install Mechanism
No install spec or external downloads are present; this is an instruction-only skill with bundled JS/HTML files. That minimizes supply-chain install risk.
Credentials
No credentials or environment variables are required, and the code performs only local fs operations, which is proportional. However, the metadata lists 'message.send' as a required tool, sets a primaryEnv of 'node' and includes 'openclaw' under system requires. These entries are unnecessary for a purely local fs skill and raise questions about intended privilege (push notifications) that the code does not use.
Persistence & Privilege
The always flag is false and the skill does not request elevated system privileges. The metadata declares a cron trigger (handler onCronTick), but index.js does not export or implement that handler; if the platform attempts to call the missing handler, it may error. The hardcoded BASE_DIR means the skill creates and modifies files at a fixed path on disk, which is persistent and should be surfaced to the user.
What to consider before installing
This skill appears to perform only local file writes (no network), but there are several red flags you should address before installing:

1) The code hardcodes BASE_DIR = '/Users/macbook/Documents/OC_club'. Ask the author to make the base path configurable, or confirm it will be changed to a workspace-safe location so it won't create files in an unexpected user path.
2) Metadata claims message.send and a cron trigger (onCronTick), and the HTML advertises a reminder engine, but index.js does not implement reminder logic or onCronTick. Ask the author to either implement or remove those declarations.
3) The package metadata and registry version numbers conflict. Request a corrected metadata.json and a clear statement of what runtime privileges/tools the skill actually needs.
4) Because the skill will write files, test it in a sandboxed environment (or point it to an empty test directory) before using it with your real Obsidian vault.
5) If you rely on reminders/notifications, require the author to show the actual code path that uses message.send and explain what data will be sent.

After these clarifications/repairs the skill can be reassessed; as-is, the mismatches make it suspicious rather than clearly benign.
