Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Heleni Personal CRM
v1.0.0 · Personal CRM built on monday.com. Tracks contacts, last interactions, next meetings, and topics. Runs daily to update from Calendar + email. Delivers pre-mee...
by Netanel Abergel (@netanel-abergel)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, high confidence
Purpose & Capability
The skill claims to be a monday.com-based personal CRM, but its runtime steps require Google Calendar/Gmail credentials, the ability to update a monday.com board, and the ability to send WhatsApp messages. The registry metadata declares no required credentials or config paths, which is inconsistent with the operations it describes.
Instruction Scope
SKILL.md explicitly sources a .context file and reads /opt/ocana/openclaw/.gog/credentials.json to refresh a Google access token, calls the Google Calendar API via curl, updates monday.com via platform tools, and instructs sending WhatsApp messages — all actions that access local secrets and external services, yet none of them is limited or explained in the manifest.
Install Mechanism
This is an instruction-only skill with no install spec or downloads, which minimizes installation risk. However, it instructs adding a cron job (persistent scheduled runs), so runtime scheduling is part of its expected system presence.
Credentials
The skill expects access to local files containing Google credentials (.gog/credentials.json) and a .context file with board IDs and owner contact details, but the skill metadata does not declare any required env vars or config paths. Reading those files would expose sensitive tokens and personal contact data with no declared justification or least-privilege controls.
Persistence & Privilege
The manifest's "always" flag is false (good), but the skill recommends scheduling itself via openclaw cron. A scheduled skill that can read local credential files and call external APIs increases the blast radius — confirm the scheduling scope and runtime account isolation before enabling it.
What to consider before installing
Do not enable this skill until the author clarifies and limits its required secrets and file access. Ask the maintainer to:
(1) declare required environment variables and config paths (Google Calendar/Gmail credentials, monday.com API token, WhatsApp integration credentials) in the registry metadata;
(2) explain exactly how WhatsApp messages are sent and what credentials are used;
(3) provide minimal scopes (e.g., calendar read-only, monday.com access restricted to the specific board and columns) and an option to use per-skill credentials rather than global system credentials;
(4) show the contents or format of the .context file and confirm it contains no extra secrets;
(5) document where credentials are stored, who can read them, and how to revoke/rotate them.
If you must test, run the skill in an isolated session with throwaway credentials and audit network calls and file reads. Because the SKILL.md explicitly instructs sourcing files under /opt, treat that as access to sensitive local data until proven otherwise.
Like a lobster shell, security has layers — review code before you run it.
