Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Resume Context

v1.0.2

ALWAYS use this skill (never memory_search or exec alone) when the user asks about coding sessions, recent dev work, project briefings, or developer notes. T...

0· 80·1 current·1 all-time
by Nikhil Yachareni (@nickleodoen)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious

OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the included code: the node bridge shells out to a local `resume` binary and caches results in Redis. Requiring `node` and `resume` and a Redis URL is proportional to the stated purpose. However the SKILL.md also instructs the user to set ANTHROPIC_API_KEY and to install `resume` via cargo — those additional external dependencies are not declared in requires.env and are not validated by the bridge, so the skill's metadata is incomplete.
Instruction Scope
SKILL.md tells the agent to search the user's home (find ~ -maxdepth 4 ...) to locate projects. That grants the agent explicit permission to scan large portions of the home directory, which may surface unrelated files. The bridge code itself does not perform the find; it expects a project path argument, so there is an operational mismatch: the instructions require the agent to run shell search commands (not listed in required binaries) to produce that path. The resume CLI invoked by the bridge will call an LLM (per the docs) and may send session/command data to external APIs — this is expected but worth noting for privacy.
Install Mechanism
There is no automated install spec (instruction-only for OpenClaw), which is lower risk for arbitrary downloads. The package.json and package-lock reference vetted npm redis packages only. The SKILL.md instructs installing `resume` via cargo from a GitHub repo — that is an out-of-band install step for the user and not performed by the skill; it's reasonable but should be made explicit in metadata.
Credentials
The skill declares a single required env var (REDIS_URL) and uses it as primary credential — appropriate. However SKILL.md also instructs the user to set ANTHROPIC_API_KEY for the resume CLI; that variable is necessary for `resume` to call Claude but is not declared in requires.env. The bridge inherits process.env when calling the resume binary, so any env the user has (including API keys) could be used by `resume`. This should be documented and surfaced in the skill metadata.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide privilege. It runs on-demand as a user-level bridge script and caches only into the Redis instance you provide. Autonomous invocation is enabled by default (platform default) and not by itself a concern here.
What to consider before installing
Before installing, be aware of three practical risks:

1) The SKILL.md instructs the agent to run a find over your home directory to locate projects — that can touch many personal files; only allow this if you trust the skill.

2) The bridge calls your local `resume` CLI, which in turn calls an LLM (Anthropic) if you set ANTHROPIC_API_KEY — that means session/command data will be sent to external APIs under your API key. The skill metadata does not declare ANTHROPIC_API_KEY, so you should assume resume will use whatever keys exist in your environment.

3) The skill requires you to provide a REDIS_URL; that Redis instance will store cached session output. Only use a Redis instance you control (or a short-lived/isolated one) and avoid sharing production credentials.

Additional suggestions: inspect the `resume` binary/source before installing, prefer a local Redis or restricted credentials, and if you want to avoid broad filesystem scans, modify the skill to accept explicit project paths rather than running find.


latest: vk979y03579b8fsa5gz1f37krhx83k5a6


Runtime requirements

Bins: resume, node
Env: REDIS_URL
Primary env: REDIS_URL
