ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pa Onboarding

v1.1.1

Step-by-step onboarding guide for setting up a new AI Personal Assistant on OpenClaw. Use when: a new PA is being created, someone asks how to set up an agen...

0· 45·1 current·1 all-time
byNetanel Abergel@netanel-abergel
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's steps (create agent, get phone number, install WhatsApp Business, connect channels, connect calendar/monday/email, configure SOUL.md) match its onboarding purpose. However, the metadata declares no required binaries, env vars, or config paths while the instructions assume the presence of CLIs and platform features (e.g., 'gog' CLI, OpenClaw platform console, ability to restart gateway, cron). The lack of declared prerequisites is an inconsistency that should be documented for users.
!
Instruction Scope
Most instructions stay within onboarding scope, but there are concerning or conflicting rules: SKILL.md says 'Confirm each step before moving on' but also includes 'Never ask the owner "did you mean X?" if the answer is inferable — execute and let them correct', which can encourage performing actions without explicit owner confirmation. The guide also instructs contacting third parties to 'check on someone' and returning their statements — expected for a PA but a privacy-sensitive action that requires explicit owner consent and audit logging. The skill also prescribes saving tokens and running CLI commands with minimal guidance on permission or secure handling.
Install Mechanism
Instruction-only skill with no install spec or code files; nothing is written to disk by the skill itself. This is the lowest-risk installation model. The runtime instructions assume external tools, but the registry provides no install mechanism.
Credentials
The guide requires service credentials in practice (Google/calendar auth, monday.com API token, Gmail access) and shows examples of storing tokens (e.g., plaintext file at ~/.credentials/monday-api-token.txt). The registry did not declare any required environment variables or credentials. Storing tokens in plaintext and relying on unlisted CLIs or account credentials is disproportionate unless documented and secured; this is a security hygiene concern rather than definite malware behavior.
Persistence & Privilege
The skill does not request always:true and does not modify other skills' configurations. It instructs creating files (credentials file, data/pa-directory.json) and scheduling a cron job (optional) — normal for onboarding but these actions require appropriate filesystem and repo permissions. No evidence of excessive privilege requests in the metadata.
What to consider before installing
This guide is close to what you'd expect for onboarding an AI PA, but review and tighten before installing or following it: - Confirm required tools and permissions: the SKILL.md assumes presence of the 'gog' CLI, OpenClaw console access, ability to restart the gateway, and permission to edit data/pa-directory.json and create cron jobs. Verify these are available and document them in the registry entry. - Fix the conflicting directives: the guide both requires confirming steps and tells the agent to execute inferred intents without asking. Decide on a strict confirmation policy (prefer explicit owner consent for actions that access accounts or contact people). - Handle credentials securely: do not store API tokens in plaintext files without access controls. Use a secrets manager or at least restrictive file permissions, and document where credentials are stored and how they are rotated. - Get explicit owner consent for contacting third parties and for autonomous actions, and enable auditing/logging of those operations. - If you will let an agent act autonomously, restrict which actions it can perform until onboarding is validated. If you need higher assurance, ask the publisher for a short manifest listing required binaries, exact CLI versions, and recommended secure storage/permission practices. If the publisher cannot provide that, treat the guide as informational only and perform sensitive steps manually.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cevc9mf7x5h4js6z63anrbs842y0b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments