Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Auditor & Enhancer

v1.0.0-alpha

Periodically audit all workspace skills, learnings, memory, and configuration files to recommend refactoring, new skill ideas, and workflow improvements. Tri...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The skill claims to perform a weekly audit of workspace skills, memory, and config which matches the included scripts (build audit state, merge evaluations, format Telegram). However the SKILL.md also promises automatic delivery to Telegram and cron scheduling while the package declares no required env vars, credentials, or delivery tooling; sending messages externally normally requires a bot token/chat id or a configured platform integration, which is not declared here.
! Instruction Scope
Runtime instructions explicitly read broad workspace surface (skills/*/SKILL.md, .learnings, SOUL.md, AGENTS.md, USER.md, memory/*.md, etc.), compute hashes, run multi-model evaluation steps, and then 'send recommendations directly to Telegram without user prompting.' Reading those files is coherent for an auditor, but the instruction to send automatically to Telegram (and the cron command that runs the full pipeline autonomously) grants the skill the ability to transmit potentially sensitive workspace data off-agent without any declared transport auth or per-run confirmation.
Install Mechanism
No install spec is present (instruction-only with helper scripts). This is low-risk from an installation/download perspective: nothing is fetched from external URLs or written to unusual system locations by an installer.
! Credentials
The skill declares no required environment variables or credentials, yet its behavior requires a Telegram delivery channel (bot token / chat id) and will likely need the agent's ability to call external models or the network. Absence of any declared TELEGRAM_* env vars or delivery configuration is a mismatch and hides an implicit need for sensitive credentials. Also the agent will read potentially sensitive workspace files (memory, USER.md, etc.) — this is expected for auditing, but combined with automatic external delivery increases exfiltration risk.
Persistence & Privilege
always:false (good) and disable-model-invocation:false (normal). However the SKILL.md recommends adding a scheduled cron job via the agent (openclaw cron add ...) to run weekly; that grants persistent scheduled execution and requires the agent platform to allow creation of such jobs. Scheduling itself is reasonable for a periodic auditor, but users should be aware the skill requests recurring autonomous runs and an automatic delivery channel.
What to consider before installing
This skill largely implements an internal audit pipeline (scripts are benign and unit-tested), but there are two gaps you should address before installing:

- Telegram delivery: the SKILL.md promises automatic Telegram messages but the skill declares no TELEGRAM_BOT_TOKEN, CHAT_ID, or equivalent. Decide where audit messages should go and require explicit, securely stored credentials. Do not rely on implicit or global agent integrations unless you trust them.
- Automatic scheduling & data flow: the skill recommends adding a cron job that will read many workspace files (including memory and USER.md) and then deliver results externally. If those files contain secrets or private content, automatic external delivery could leak information. Require a dry-run mode and human approval before enabling scheduled runs or external delivery. Limit the set of files scanned (or redact sensitive files) and verify the 'deliver' step uses only the approved destination.
- Validation steps: run the included tests and a dry-run locally to confirm outputs, and inspect any agent-level permissions required to add cron jobs. Add explicit environment variable requirements to the skill metadata (e.g., TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID) and an opt-in confirmation before first send.

If you cannot confirm a controlled Telegram target and a secure way to store/send tokens, do not enable the automatic delivery/scheduling features — keep the skill manual and dry-run only.

Like a lobster shell, security has layers — review code before you run it.

latest: vk972em3gcwprgdfah25j1sdkgn833psf
