Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Heleni Meetings

v1.0.0

All-in-one meetings skill. Section 1: Schedule a meeting by coordinating with another PA, finding free slots, and sending a calendar invite. Section 2: Paste...

by Netanel Abergel (@netanel-abergel)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill claims to coordinate and book meetings and to summarize meeting notes, which is a reasonable purpose, but its runtime instructions call the 'gog' CLI and rely on a local data/pa-directory.json file and an OWNER email address. The registry metadata declares no required binaries, no env vars, and no install step, yet the instructions clearly require the 'gog' command and authenticated access to an owner's calendar. That mismatch between declared and actual runtime requirements is the core inconsistency.
Instruction Scope
SKILL.md instructs the agent to read data/pa-directory.json (which may contain PII such as phone numbers), to list and fetch calendar events and create events via the 'gog' CLI, and to send follow-ups within a set number of hours. It also contains hardcoded placeholder OWNER_EMAIL values (owner@company.com) without explaining where credentials or authentication come from. The instructions do not specify how outbound communications (email/IM) are sent; they only provide message templates. Section 2 referenced in the skill description (summaries and action items from transcripts) is not present in the provided SKILL.md content, which is a further inconsistency.
Install Mechanism
There is no install spec and no code files, which lowers risk because nothing in the package is written to disk by an installer. However, the instructions still expect an external tool (gog) to exist in the runtime environment, so the effective attack surface is whatever that tool and its cached credentials can reach.
Credentials
The skill declares no required environment variables and no primary credential, yet the instructions repeatedly reference GOG_ACCOUNT and owner email addresses and run commands that require authenticated calendar access. The skill also reads a local pa-directory.json without declaring it. These undeclared credentials and undeclared local file reads are disproportionate to what the registry metadata admits to, and need explicit declaration and justification.
Persistence & Privilege
The skill does not request always:true or other elevated platform privileges and does not claim to modify other skills. It does instruct autonomous follow-ups (timed follow-up messages within business hours), but its flags are the defaults (user-invocable, model invocation allowed). That is normal, though be aware that the agent could autonomously send calendar invites if it holds credentials and the platform allows it.
What to consider before installing
This skill's instructions expect a local PA directory file and the 'gog' calendar CLI plus access to an owner's calendar, but the package metadata does not declare those requirements or how authentication is handled. Before installing or enabling it:
(1) confirm whether your agent environment actually has the 'gog' tool and how it authenticates (service account, cached OAuth credentials, etc.);
(2) inspect data/pa-directory.json for PII and make sure you are comfortable with the agent reading it;
(3) ask the skill author to declare the required binaries and env vars, and to provide the missing Section 2 (transcript summarization) if you need it;
(4) if you do not want the agent to autonomously create invites or send follow-ups, restrict its permissions or disable autonomous invocation until you understand how it will send messages;
(5) test in a safe account first (no real calendar invites) to confirm behaviour.
These mismatches are why the skill is rated suspicious rather than clearly benign.
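The checks above (undeclared binaries and env vars in the Credentials finding, PII in the PA directory, and the pre-install steps) can be partly automated. The script below is an added example written for this page; it is not part of the skill, the ClawHub registry, or the OpenClaw scanner. It assumes a metadata shape with a `requires` object holding `binaries`, `env` and `files` lists (the real ClawHub manifest format is not shown on this page), and the SKILL.md excerpt, the `gog` command flags and the PA directory entries are all constructed samples modelled on the scan findings, not the skill's real contents.

```python
"""Pre-install audit for an agent skill package.

Compares what the registry metadata declares against what SKILL.md actually
uses (binaries, environment variables, local files) and scans a data file for
PII. All inputs below are constructed samples; the manifest shape is assumed.
"""
import json
import re

FENCE = "`" * 3

# Constructed SKILL.md excerpt. The `gog` flags are illustrative, not the tool's real syntax.
SAMPLE_SKILL_MD = f"""# Heleni Meetings

Read data/pa-directory.json to find the other assistant's contact details.
Owner calendar: OWNER_EMAIL=owner@company.com

{FENCE}bash
gog calendar list --account "$GOG_ACCOUNT" --days 7
gog calendar create --account "$GOG_ACCOUNT" --attendee "$OWNER_EMAIL"
{FENCE}

If no reply, follow up within 2 hours during business hours.
"""

# Constructed registry metadata: declares nothing, as the scan report describes.
SAMPLE_METADATA = {"name": "heleni-meetings", "version": "1.0.0",
                   "requires": {"binaries": [], "env": [], "files": []}}

# Constructed PA directory with fake contact details.
SAMPLE_PA_DIRECTORY = json.dumps([
    {"name": "Dana (PA to A. Example)", "email": "dana@example.com", "phone": "+1 555 010 0199"},
    {"name": "Sam", "email": "sam@example.org", "notes": "prefers IM"},
])

SHELL_BUILTINS = {"cd", "echo", "export", "set", "if", "then", "fi", "for", "do", "done"}
_FENCE_RE = re.compile(FENCE + r"(?:\w+)?\n(.*?)" + FENCE, re.S)
_ENV_RE = re.compile(r"\$\{?([A-Z][A-Z0-9_]+)\}?|\b([A-Z][A-Z0-9_]+)=")
_FILE_RE = re.compile(r"\b[\w./-]+\.(?:json|yaml|yml|csv|txt)\b")
_EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
_PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")


def referenced_binaries(skill_md: str) -> set[str]:
    """First token of every non-comment command line inside fenced code blocks."""
    binaries = set()
    for block in _FENCE_RE.findall(skill_md):
        for line in block.splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            tok = line.split()[0]
            if tok not in SHELL_BUILTINS and not tok.startswith("$"):
                binaries.add(tok)
    return binaries


def referenced_env_vars(skill_md: str) -> set[str]:
    """Names used as $VAR / ${VAR} or assigned as VAR=... anywhere in the instructions."""
    return {a or b for a, b in _ENV_RE.findall(skill_md)}


def referenced_files(skill_md: str) -> set[str]:
    """Local data-file paths the instructions tell the agent to read."""
    return set(_FILE_RE.findall(skill_md))


def undeclared(metadata: dict, skill_md: str) -> dict:
    """Everything SKILL.md relies on that the (assumed) manifest does not declare."""
    req = metadata.get("requires", {})
    return {
        "binaries": sorted(referenced_binaries(skill_md) - set(req.get("binaries", []))),
        "env": sorted(referenced_env_vars(skill_md) - set(req.get("env", []))),
        "files": sorted(referenced_files(skill_md) - set(req.get("files", []))),
    }


def pii_fields(data_json: str) -> list[tuple[str, str]]:
    """Walk the JSON document; return (json-path, kind) for every phone/email string."""
    hits = []

    def walk(node, path):
        if isinstance(node, dict):
            for k, v in node.items():
                walk(v, f"{path}.{k}")
        elif isinstance(node, list):
            for i, v in enumerate(node):
                walk(v, f"{path}[{i}]")
        elif isinstance(node, str):
            if _EMAIL_RE.search(node):
                hits.append((path, "email"))
            if _PHONE_RE.search(node):
                hits.append((path, "phone"))

    walk(json.loads(data_json), "$")
    return hits


def audit(metadata: dict, skill_md: str, data_json: str) -> dict:
    """Full report: undeclared requirements plus PII the skill would expose to the agent."""
    report = undeclared(metadata, skill_md)
    report["pii"] = pii_fields(data_json)
    report["suspicious"] = any(report[k] for k in ("binaries", "env", "files")) or bool(report["pii"])
    return report


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_METADATA, SAMPLE_SKILL_MD, SAMPLE_PA_DIRECTORY), indent=2))
```

Run it against the real package by loading the actual SKILL.md and data file in place of the samples; any non-empty `binaries`, `env` or `files` list is a declaration gap to raise with the author, and the `pii` list tells you exactly which fields the agent would read before you decide whether that is acceptable. The regexes are deliberately loose (they err toward flagging), so treat hits as prompts for manual review rather than verdicts.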


latest: vk975g2t9z3qbpg1se1zea266x584bkcz
