Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Exchange Rates

v1.0.1

Fetch live exchange rates between any currency pairs from XE.com. Use when: user asks about currency conversion, exchange rates, forex rates, or converting a...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's purpose (fetch XE exchange rates) matches the included script which uses a headless browser and a fallback API. However, the metadata declares no dependencies or install steps while the script imports 'playwright-core' and expects a browser/CDP service — those runtime requirements are omitted from the skill manifest.
Instruction Scope
SKILL.md and the script scope are limited to scraping XE.com and falling back to an external API, which is appropriate. However, the script attempts to connect to a hard-coded CDP websocket (ws://localhost:7002?token=...). Connecting to a local debugging browser endpoint can expose authenticated browser state (cookies, localStorage) and enables arbitrary page navigation/execution, which is a sensitive capability not documented in SKILL.md.
Install Mechanism
No install spec is provided (instruction-only), but the script requires Playwright and a local CDP endpoint. The lack of an install step or declared runtime dependencies is a packaging/manifest inconsistency (may break at runtime or hide required privileged services).
Credentials
The skill requests no environment variables, yet contains a hard-coded CDP URL with an embedded token in source. Embedding a token in code is unexpected and may be inappropriate; the script also reaches out to an external fallback API (open.er-api.com). The credential-like token is not documented or explained in the metadata.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system configs, and is user-invocable only. It does not request persistent installation privileges in the manifest.
What to consider before installing
This skill appears to perform XE scraping with a Playwright browser and an API fallback, but there are red flags you should address before installing:

- The script hard-codes a CDP websocket URL including a token (ws://localhost:7002?token=...). Ask the author why a local CDP endpoint and token are required, where that token comes from, and why it isn't declared as a required service or env var.
- A local CDP connection can give the skill access to any browser context on that service (cookies, sessions, localStorage). Only run this skill in a controlled/sandboxed environment where no sensitive browser sessions are exposed.
- The manifest does not declare dependencies (playwright-core, Node fetch availability) or installation steps. Confirm the platform provides Playwright and a compatible browser/CDP, or update the skill to declare/install them.
- Prefer removing embedded tokens; if a token is required, it should be supplied via a documented env var or config (and treated as a secret).

If you need this functionality, ask the publisher for an updated manifest that documents required services/dependencies and explains the CDP endpoint/token. If you cannot get that, run the skill in an isolated environment or decline installation.


Version tag: latest · vk97b5eegz0ftjk65sa12vdg80981h5f5
