Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Relationship Buddy
v1.0.3
Track the people you care about with contact details, key dates, preferences, interaction logs, and personalized timely reminders to nurture your relationships.
by @nollio
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the included files: contact JSON schema, reminders, examples, migration script and dashboard spec all align with a personal CRM. There are no unexpected environment variables, binaries, or hidden install steps in the skill package itself.
Instruction Scope
SKILL.md tightly documents local data files and strong prompt-injection defenses. One behavioral tension: the skill describes 'learning over time' and 'update the relevant contact profile automatically' but also says to 'confirm briefly' — automatic updates from conversational text could lead to unintended storage of sensitive details unless the agent's confirmation behavior is strict. The SETUP-PROMPT instructs the user to run shell commands to create data directories and copy config; these are local and reasonable but you should only paste them if you trust the skill source.
Install Mechanism
This is an instruction-only skill (no install spec). The only executable file is a local bash/python migration script which reads a CSV and writes to data/contacts.json; it has reasonable safety checks (refuses symlinks, umask 077, sets file permissions). No network downloads or arbitrary code pulls are present in the package.
Credentials
The skill requests no credentials or env vars. However, the dashboard-kit and DB schema reference Supabase/Postgres and a Next.js API — if you later enable that dashboard or connect a remote DB you will need service credentials. The packaged skill itself does not ask for them, but the docs imply an optional cloud/backend integration that would require credentials.
Persistence & Privilege
always is false and the skill doesn't request system-wide persistence or modify other skills. It creates and uses files under data/relationship-buddy/data which is appropriate for a local personal CRM. The migration script enforces owner-only permissions.
Scan Findings in Context
[prompt-injection-pattern:ignore-previous-instructions] expected: SKILL.md contains an explicit 'Prompt Injection Defense' section which explains the exact pattern 'ignore previous instructions' should be treated as data; the scanner flagged the pattern because it's present in defensive guidance rather than as a malicious instruction.
[unicode-control-chars] expected: Scanner detected unicode control-character sequences in SKILL.md (often used in tests or to illustrate attack vectors). Here they appear in the prompt-injection defense context; nevertheless, review the raw files to ensure no hidden/obfuscated characters alter instructions.
Assessment
This package is internally consistent with its stated purpose (a local personal CRM). Before installing:
1) Only paste the SETUP-PROMPT shell block if you trust the skill source and are comfortable creating files under data/relationship-buddy; it performs only local cp/mkdir/chmod operations.
2) Be aware the agent is designed to learn from conversational mentions — confirm how/when it auto-saves details so you don't unintentionally persist sensitive notes.
3) The included migration script is local-only and includes safety checks (no symlinks, umask, file perms); review the CSV you import and run it from a trusted environment.
4) The dashboard kit and SQL/APIs mention Supabase/Next.js — if you later enable a dashboard or remote DB, you'll need to supply credentials; review that integration carefully and prefer local-only storage if you want to avoid third-party hosting.
5) The SKILL.md includes explicit prompt-injection defense, but the scanner flagged injection patterns and unicode control chars; inspect the raw SKILL.md for any hidden characters and confirm the defensive text is not accidentally executable.
If you want higher assurance, run the skill in an isolated environment, enable OS-level disk encryption, and back up (or periodically inspect) the data directory permissions.
SKILL.md:26
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
Like a lobster shell, security has layers — review code before you run it.
