Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bookstore

v0.1.0

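Provides recommendation lists, check-in routes, and guides for trendy (internet-famous) bookstores. Invoked when the user searches for trendy bookstores or plans a related trip.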

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description say this is about recommending trendy bookstores and travel/check-in guides, which would not normally require seat layouts, stage distance, or detailed ticketing fields. SKILL.md asks for '场地座位/遮挡/距离舞台' (venue seating / obstructed view / distance from stage) and '演出/展览阵容' (performance/exhibition lineup), and return fields include '购票渠道/退票说明' (ticket purchase channels / refund instructions) and '安检要求/随身物品限制' (security-check requirements / carry-on item restrictions) — these are more appropriate for event/venue skills. While some bookstores host exhibitions, the presence of multiple event-oriented fields suggests incoherent scope or a mistaken template.
Instruction Scope
The instructions do not instruct reading local files or environment variables (good), but they define a wide set of outputs (ticketing, entry flow, security checks, seating) that go beyond simple bookstore recommendations. The examples include '可拍摄展览TOP20(需预约)' (Top 20 photographable exhibitions, reservation required), which partially explains exhibition-related items, but the mix of concert/venue-style fields grants the agent broad discretion to collect event-level data beyond typical bookstore guides.
Install Mechanism
No install spec and no code files — instruction-only. This minimizes risk from on-disk installs or remote downloads.
Credentials
The skill requests no environment variables, credentials, or config paths — proportional to a read-only recommendation/listing skill.
Persistence & Privilege
Default privileges (not always:true). The skill is user-invocable and can be invoked autonomously by the agent (platform default); nothing here indicates elevated persistent privileges.
What to consider before installing
This skill is instruction-only and asks for no credentials, which is good, but the SKILL.md mixes bookstore recommendations with event/venue fields (seating, stage distance, tickets, security). Before installing or enabling autonomous use, ask the skill author or publisher to clarify: (1) whether the skill is intended for bookstores only or also for event venues/exhibitions; (2) what data sources it will query (APIs, scraping, user-supplied info); and (3) whether it will fetch or store ticketing/personal data. If you plan to let the agent invoke this autonomously, prefer a clarified/simplified SKILL.md scoped to just bookstore recommendations, or restrict usage to manual invocation until the scope is corrected.
