Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Supervisor
v1.1.1Central status dashboard for the PA agent. Use when: owner asks 'what's the status', 'what are you working on', 'what's happening', or any status/overview qu...
⭐ 1· 55·2 current·2 all-time
byNetanel Abergel@netanel-abergel
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's stated purpose — building a status dashboard — aligns with the actions in SKILL.md (reading task files, group contexts, billing JSON, and reporting system health). However, the instructions also perform operations that require external-network checks (curl to Anthropi c API) and git inspection; these capabilities are reasonable for system-health items but are not declared in the skill metadata.
Instruction Scope
Runtime instructions read many files under $HOME/.openclaw/workspace (daily notes, whatsapp DMs, group context and metadata) and use grep, python3, curl, and git. The skill also contains a 'close-the-loop' rule that requires contacting people directly and reporting back — this implies outbound communication but does not specify the channel or authorization. The instructions access private conversation data and may initiate external communication, which is broader than a passive dashboard and should be explicit in metadata/consent.
Install Mechanism
Instruction-only skill with no install spec or code files; nothing is written to disk by an installer. This is the lowest-risk install mechanism.
Credentials
The SKILL.md references an environment variable (ANTHROPIC_API_KEY) when calling an external API, but the skill metadata lists no required environment variables or primary credential. The script also implicitly depends on binaries (grep, python3, curl, git) that metadata doesn't declare. Asking to read WhatsApp DM files and other private files is proportionate to a dashboard only if the user knowingly grants file access; the metadata does not surface these needs.
Persistence & Privilege
The skill is not always-enabled and does not request special platform privileges. It instructs updating local tracking files (tasks.md, billing-status.json, whatsapp memory) which is expected for its function. However, combined with the instruction to contact people directly and the agent's default ability to invoke skills autonomously, this could result in outbound messages or actions if integration for messaging exists — the SKILL.md does not clarify safeguards.
What to consider before installing
This skill mostly does what a 'supervisor' should — read your workspace and produce a report — but there are some gaps you should address before installing:
- Confirm and consent to file access: it reads $HOME/.openclaw/workspace, including WhatsApp DM and group files. Only install if you are comfortable granting the agent access to those private messages and notes.
- Expect required tools and a secret: the instructions call grep, python3, curl, and git, and they use ANTHROPIC_API_KEY for an API check. The registry metadata does not declare these. If you install, ensure those binaries are available and consider whether you want to provide an API key; avoid supplying keys you don't trust the skill with.
- Clarify outbound actions: the skill tells the agent to 'contact that person directly' for follow-ups but doesn't define how. Decide whether the agent should be allowed to send messages on your behalf and, if so, which channel and with what safeguards.
- Ask the author (or maintainer) to update metadata: they should declare required binaries and env vars, and explicitly describe any outbound communication behavior. If you cannot obtain those clarifications, treat the skill as risky and avoid enabling it for sensitive accounts or data.Like a lobster shell, security has layers — review code before you run it.
latestvk97bz3q28rvvk936pcgd0017p9842s4y
License
MIT-0
Free to use, modify, and redistribute. No attribution required.