ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

transcript triage

v1.0.1

Parses long transcripts into topics under ordered lists, to triage in your notes system

0· 462·1 current·1 all-time
byNicholas Frota@nonlinear
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and SKILL.md all describe parsing user-supplied transcripts into categorized lists (NOW/LATER/BACKLOG/DECISIONS). There are no declared binaries, env vars, or installs that are unrelated to this purpose.
Instruction Scope
Instructions are limited to parsing a provided transcript and producing a triage-formatted markdown output. However, the 'Integration Points' mention auto-adding NOW items to 'current epic-notes/', suggesting writing to project paths, and logging DECISIONS to 'memory/YYYY-MM-DD.md'. The skill does not declare config paths or details for these integrations, so the exact scope (local file writes, external APIs, or other skills) is ambiguous.
Install Mechanism
Instruction-only skill with no install spec or external downloads; nothing is written to disk by an installer and no third-party packages are pulled in by the skill itself.
Credentials
The skill declares no environment variables or credentials, which is appropriate for its described functionality. That said, the listed integration points imply interactions with other systems (Backstage, ROADMAP, Memory) that would typically require configuration or credentials; those are not requested or documented here.
Persistence & Privilege
always:false and no install-time persistence requested. The skill suggests writing triage results to other systems/files, but it does not request persistent privileges or modify other skills' configurations in its instructions.
Assessment
This skill appears coherent: it will parse transcripts you supply and produce categorized markdown lists. Before installing/using it, confirm how the agent will perform the listed 'integration' steps: where exactly will 'current epic-notes/' and 'memory/YYYY-MM-DD.md' be written, and what credentials (if any) are needed to push items to Backstage/ROADMAP/Memory systems? If you plan to feed sensitive transcripts into this skill, be sure you trust the agent's execution environment and any external LLMs or services you invoke. If you see follow-up versions that request environment variables, config paths, or remote-download installs, re-evaluate those changes because they would materially affect the risk profile.

Like a lobster shell, security has layers — review code before you run it.

latestvk97124ss6mmr9p4rfa9ggk2jvx81q53z

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments