Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Ai Pa
v1.0.2AI Personal Assistant network skill for multi-agent PA coordination. Use when: contacting another PA, coordinating with peer agents, scheduling meetings betw...
⭐ 0· 56·1 current·1 all-time
byNetanel Abergel@netanel-abergel
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description match the instructions: the skill coordinates PAs, looks up contacts, schedules meetings and broadcasts messages. However, the instructions assume tooling (the 'gog' CLI, python3, messaging via JIDs) and an absolute primary source file (/opt/ocana/openclaw/workspace/PA_LIST.md) without declaring required binaries or credentials — this omission is unexpected.
Instruction Scope
The SKILL.md tells the agent to source /opt/ocana/.../.context (which may expose environment variables like OWNER_PHONE, JID_PA_ONBOARDING), read/write data/pa-directory.json, and run commands that will authenticate (gog auth add). Sourcing an absolute .context file and instructing to create/modify files in the workspace expand the skill's data access surface and may expose secrets or other agent state not justified solely by the description.
Install Mechanism
Instruction-only skill with no install spec or code files; this is low-risk in terms of arbitrary code downloads. There is no installer or archive extraction.
Credentials
The skill declares no required env vars or primary credential, yet it uses environment-like variables (GOG_ACCOUNT) and the 'gog' CLI for calendar/email/auth flows — i.e., it effectively requires account credentials but doesn't declare them. It also instructs sourcing a .context file that could contain sensitive credentials. The lack of declared credentials is disproportionate to the actual operations described.
Persistence & Privilege
always:false (good). The skill does instruct writing to data/pa-directory.json and suggests running 'gog auth add' which will persist auth state via the gog CLI; it does not ask to modify other skills or system-wide agent settings. Because the agent can invoke skills autonomously by default, access to persisted credentials (from .context or gog auth) would increase blast radius — consider that when deciding whether to allow the skill.
What to consider before installing
This skill mostly does what it says (coordinate PAs) but the instructions raise three practical concerns you should check before enabling it:
- Review and sanitize the .context file path referenced (/opt/ocana/openclaw/workspace/skills/ai-pa/.context). That file may contain environment variables or tokens — ensure it does not hold secrets you don't want the skill to read.
- The SKILL.md expects the 'gog' CLI and python3 but declares no required binaries or environment variables. If you adopt this skill, verify 'gog' is installed from a trusted source and understand how 'gog auth add' will store credentials (don't reuse shared or high-privilege keys).
- The skill reads and writes data/pa-directory.json and refers to a global PA_LIST.md. Make sure file permissions and workspace isolation are appropriate (run in a sandbox if unsure) and check the directory contents for any sensitive contact data you don't want the skill to transmit.
If you cannot confirm those points, or if you want to limit risk, avoid enabling autonomous invocation for this skill, run it in a restricted environment, or request the author to (a) declare required binaries/env vars and (b) remove sourcing of absolute context files or explicitly document what .context contains.Like a lobster shell, security has layers — review code before you run it.
latestvk972jzw2mqtazshv3h50ydj23x8466gt
License
MIT-0
Free to use, modify, and redistribute. No attribution required.