Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Prose
v0.1.0
OpenProse VM skill pack. Activate on any `prose` command, .prose files, or OpenProse mentions; orchestrates multi-agent workflows.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description (OpenProse VM, run/compile/orchestrate .prose files) matches the SKILL.md behavior: routing prose commands, loading bundled docs/examples, and supporting remote program fetches. There are no unrelated env vars, binaries, or installs requested.
Instruction Scope
Instructions explicitly permit fetching .prose programs from arbitrary URLs or a registry shorthand and then loading/executing them. It also maps file I/O to the Moltbot read/write primitives and states that project files (e.g., .prose/.env, .prose/runs/, project *.prose) are used as state/config. This is consistent with a language runner, but it means executing untrusted remote programs or prose that references external endpoints can cause arbitrary network activity or actions the agent will perform.
Install Mechanism
Instruction-only skill with no install spec and no code files to write at install time — lowest-risk install model.
Credentials
The skill declares no required environment variables or credentials, which matches the bundle. However, the runtime guidance references reading project-level config files such as .prose/.env and user-level state backends (filesystem, sqlite, postgres docs are included). Reading a project .prose/.env file is reasonable for a project runner, but such files often contain secrets — users should avoid placing sensitive credentials there or ensure the agent is permitted to access them.
Persistence & Privilege
The skill does not request always:true and does not declare elevated platform privileges. It is user-invocable and may be invoked autonomously by the agent (default), which is expected for a skill that runs programs.
Assessment
This skill is internally consistent: it is a runner/orchestrator for .prose programs and its instructions match that purpose. Main risks to consider before installing or running it: (1) it fetches and executes .prose programs from arbitrary URLs or registry shorthands — do not run programs from untrusted sources, as they can perform network calls, spawn agents, or read project files; (2) it uses project-level config (e.g., .prose/.env and .prose/agents/) — avoid storing secrets there unless you trust the skill and the code you run; (3) if you want to use external state backends (Postgres/SQLite), expect to provide connection details at runtime — supply only credentials you trust and prefer ephemeral tokens. If you need to be extra cautious, review any remote .prose content before executing and keep secrets out of project config files.
Like a lobster shell, security has layers — review code before you run it.
