ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Party Planner Pro

v1.0.3

Organize and manage all party details from event setup and guest lists to menus, timelines, budgets, vendors, and day-of logistics for any event type.

0· 64·0 current·0 all-time
by@nollio
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (party/event planning) align with the files and runtime behavior: SKILL.md, example plans, dashboard spec, and local scripts all implement guest lists, budgets, exports, and dashboards. Minor inconsistency: README and SKILL.md state Python 3.8+ (and Playwright optional) are required for export/report features, but the registry metadata lists no required binaries; the skill will function for core planning without those tools, but export/visual-report features need Python and optional Playwright.
Instruction Scope
SKILL.md confines actions to workspace files (data/events/*.json) and explicitly includes a strong prompt-injection defense telling the agent to treat imported content as data, not instructions. Setup/install instructions ask the agent to create directories and run the included setup.sh which initializes data directories. There is no instruction to read unrelated system files or external credentials. The one caution: SETUP-PROMPT.md encourages pasting a shell-run block into the agent chat — that will execute local shell commands (create dirs, chmod, run setup.sh); users should inspect setup.sh before running.
Install Mechanism
No remote install/download spec — this is instruction-only plus local scripts included in the package. That lowers supply-chain risk. The included scripts operate on local workspace files and set file permissions; the CODEX audit and SECURITY.md assert no outbound network calls. Because scripts will be executed locally, users should still review them; but there are no remote URLs, installers, or extracted archives in the manifest.
Credentials
The skill declares no required environment variables or credentials. The package and docs reference workspace-root detection and some internal env names (e.g., WORKSPACE_ROOT, EVENT_FILE_ENV in the audit notes) used to pass data to scripts — these are local operational variables, not secrets. No cloud API keys, tokens, or unrelated credentials are requested.
Persistence & Privilege
always is false and model invocation is normal (agent-autonomous allowed). The skill writes its own data under skills/party-planner-pro/data/ and adjusts permissions there; it does not request system-wide changes or alter other skills' configurations. Setup.sh creates and locks down directories within the skill workspace (expected behavior).
Scan Findings in Context
[prompt-injection-patterns:ignore-previous-instructions] expected: Static scanner flagged the string 'ignore-previous-instructions' in SKILL.md. This file contains an explicit prompt-injection defense section that intentionally references such phrases to instruct the agent to ignore them; the presence is expected given the skill handles imported guest/vendor data.
[unicode-control-chars] unexpected: Scanner found Unicode control characters in SKILL.md. That can be used for hidden/injection attacks, but it can also appear in documentation or defensive content. Because the SKILL.md contains explicit injection-defense rules and the repo includes a formal audit, this likely explains the presence; still, a manual check of the SKILL.md raw bytes is recommended if you are concerned.
[python-heredoc-interpolation] expected: CODEX-SECURITY-AUDIT.md documents a historical high-severity finding about unquoted heredoc interpolation in scripts (export-plan.sh, budget-report.sh) that could enable code injection. The audit states the issue was fixed by switching to single-quoted heredocs and using environment variables read via os.environ. The presence of that finding in the audit is expected for a package that runs Python from shell scripts; the audit claims it has been remediated.
Assessment
This skill appears to be what it says: a local, file-based party planner. Before installing: 1) Review the included scripts (scripts/setup.sh, export-plan.sh, budget-report.sh) yourself instead of blindly pasting the SETUP-PROMPT block into a privileged shell — the setup block runs shell commands locally. 2) If you intend to use exports/visual reports, ensure Python 3.8+ (and Playwright if you want PNG reports) are available — the registry metadata did not declare these dependencies. 3) Confirm your agent/platform's data retention and network policy; the package's scripts claim no outbound network calls, but your agent or other plugins could add network behavior. 4) Back up any existing workspace data before running setup or uninstall steps. 5) If you handle sensitive guest data (personal contact info, health/allergy details), consider encrypting the workspace or using a platform with appropriate data protections. Finally, the pre-scan flagged prompt-injection patterns appear to be referenced as defensive guidance in SKILL.md, but if you have low tolerance for any ambiguous artifacts (unicode control characters, historical audit notes), inspect the raw files or run the package in a sandbox first.
!
SKILL.md:20
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk973r2sh8ymefrtm9xr21v715583zm8h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments