Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Eval
Version: v1.1.1
Evaluate everything the PA agent manages — tasks, skills, PA network health, billing, calendar connections, and memory quality. Use when: owner asks for an e...
by Netanel Abergel (@netanel-abergel)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (high confidence)
Purpose & Capability
The skill's stated purpose is to evaluate the agent's tasks, integrations, billing, calendar, and memory — that purpose legitimately requires checking local state and integration tokens. However, the skill metadata declares no required environment variables, credentials, or config paths while the instructions reference many local files and tokens (e.g., /opt/ocana/... files, $HOME/.credentials/monday-api-token.txt, ANTHROPIC_API_KEY). The omission of these required inputs in metadata is disproportionate and misleading.
Instruction Scope
SKILL.md explicitly instructs the agent to source a local .context file and to read numerous files and run shell/python/curl/git commands against paths like /opt/ocana/openclaw/workspace/* and $HOME/.openclaw/workspace/*, and to read token files and env vars to test APIs. These actions go beyond a simple checklist and access potentially sensitive credentials and owner data (owner phone, tokens, billing JSON). The instructions grant broad discretion to read system state and secrets without documenting limits.
Install Mechanism
There is no install spec and no code files — the skill is instruction-only. That reduces the risk of arbitrary code being fetched or executed from untrusted sources.
Credentials
Although the skill metadata lists no required env vars or config paths, the runtime steps depend on env vars and files (e.g., ANTHROPIC_API_KEY, $HOME/.credentials/monday-api-token.txt, various workspace files and .context values like GOG_CREDS or MONDAY_TOKEN_FILE). Requesting access to multiple local credential sources without declaring them is disproportionate and increases the potential for secret exposure.
Persistence & Privilege
The skill is not always-on and is user-invocable (defaults). It does not request permanent inclusion or declare modifications to other skills or system-wide settings. Autonomous invocation is allowed by platform default, which increases blast radius in general, but this skill does not request extra persistence privileges.
What to consider before installing
This skill will read many local files and tokens (billing-status.json, workspace files, .context, $HOME/.credentials/monday-api-token.txt, and environment variables like the Anthropic API key) but the package metadata doesn't declare those requirements — that's a red flag. Before installing or enabling this skill:
1) Ask the publisher to explicitly list required env vars and config paths and justify why each is needed.
2) Inspect the .context file and any referenced credential files to see what secrets would be read; remove or rotate secrets you don't want the skill to access.
3) Run the skill in a sandboxed/test account or container with read-only copies of workspace files and fake tokens first.
4) If you must run it in production, restrict the skill's access to the minimal files and tokens required and consider rotating any tokens used for testing.
If the publisher provides a clear, documented list of required inputs and a justification, this assessment could be re-evaluated; as-is the omission of declared credentials/config paths makes the skill suspicious.
Like a lobster shell, security has layers — review code before you run it.
