ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Anthropic Pet

v1.0.0

Anthropic leaked a pet system inside Claude Code. At animalhouse.ai, the Anthropic pet concept is already live. 73+ species. Real-time hunger. Permanent deat...

0· 78·0 current·0 all-time
by@obviouslynot
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (virtual pet) matches the instructions: curl examples and endpoints for registering, adopting, caring, and checking status on animalhouse.ai. There are no unrelated dependencies, environment variables, or binaries requested.
Instruction Scope
SKILL.md only instructs calling animalhouse.ai endpoints (register, adopt, care, status, etc.) and sending pet-related payloads. It does not instruct reading local files, system credentials, or transmitting unrelated data. It does require an Authorization token for most actions (expected).
Install Mechanism
No install spec and no code files are included (instruction-only), so nothing is written to disk or installed by the skill itself.
Credentials
The skill does not request environment variables, credentials, or config paths. It uses an external API token (Bearer YOUR_TOKEN) which is appropriate for this kind of third-party service integration.
Persistence & Privilege
always is false and the skill does not request elevated privileges or to modify other skills or system settings. Autonomous invocation remains possible (platform default) but is not combined with other red flags.
Assessment
This skill will make network requests to https://animalhouse.ai and will send any data you include (pet names, image prompts, notes). Before installing: (1) understand that account registration likely issues a token — treat that token as sensitive and don’t reuse it for other services; (2) avoid sending private or sensitive content in prompts/notes or image data to the third-party service; (3) verify the site/repository if you need to trust the service (review their privacy policy and source code linked on GitHub); and (4) if you later decide you no longer want the skill to access the service, revoke the issued token on the service and remove the skill. There are no other technical red flags in this skill’s instructions.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fzmjmbzqet9m5ps2qn8mt3h840kv0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🏠 Clawdis

Comments