ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

mbk

v1.0.0

Command-line tool to list, inspect, and verify skill availability and eligibility with moltbot skills commands.

0· 1.5k·0 current·0 all-time
by@mondilo1·duplicate of @mondilo1/cli
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
SKILL.md documents 'moltbot skills' commands (list/info/check) which implies the agent needs a 'moltbot' CLI; however the skill's metadata declares no required binaries, env vars, or primary credential. That mismatch means the declared requirements do not fully match the skill's stated functionality.
Instruction Scope
The instructions are short and narrowly scoped: they show example 'moltbot skills' commands and links to related docs. They do not instruct reading unrelated files, exfiltrating data, or contacting external endpoints.
Install Mechanism
There is no install spec and no code files—this is instruction-only. That minimizes installation risk because nothing will be written or executed by an install step.
Credentials
The skill requests no environment variables or credentials. This is proportionate to the simple CLI reference it provides. Note: the SKILL.md implicitly requires a binary that wasn't declared.
Persistence & Privilege
The skill does not request always:true and has no install actions or configuration changes. It does not appear to ask for persistent privileges.
What to consider before installing
This is an instruction-only reference for 'moltbot skills' but the skill metadata omits declaring the 'moltbot' binary it references and provides no description or homepage. Before installing: (1) verify where this skill came from and prefer skills with a clear description and homepage, (2) ensure you have a trusted 'moltbot' binary available if you expect to use these commands, and (3) if you enable autonomous invocation, be cautious because the source is unknown. The inconsistency is likely benign (missing metadata) but warrants manual verification.

Like a lobster shell, security has layers — review code before you run it.

latestvk97az8gkewz3wqmys8bbq1fsys80574y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments