Onemind Skill
v1.0.0
Join the OneMind chat to propose ideas, rate others' propositions on a grid, and collaboratively build consensus on collective decisions.
by OneMind (@onemindlife)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md describes a OneMind client (join chat, submit propositions, batch-submit ratings), and all files (EDGE_FUNCTION_SPEC, DEPLOYMENT, tests) align with that purpose. However, the registry metadata lacks a description and does not declare the ANON_KEY environment variable or any primary credential, even though the instructions repeatedly require an ANON_KEY apikey header; this inconsistency should be explained.
Instruction Scope
Runtime instructions direct the agent to perform anonymous auth, store the access_token and user.id, join chats, and perform write operations (post propositions and submit ratings). Those actions are consistent with the stated purpose, but the docs include long base64-like tokens and a truncated token string inline (the pre-scan flagged a base64 block). The SKILL.md and test script also perform writes to the live Supabase instance, and the skill gives no guidance about which keys are safe to use (anon vs. service role). No unrelated system files or local secrets are referenced, but the presence of embedded tokens and a base64-block pattern in the docs is concerning because it could be accidental leakage or an attempt to influence evaluations.
Install Mechanism
There is no install spec: the skill is instruction-only, plus documentation files and a bash test script. The skill itself performs no downloads or code installs, which is the lowest install risk.
Credentials
SKILL.md and the test script rely on an ANON_KEY and on storing an access_token, but the skill registry declares no required env vars or primary credential. The docs also reference a 'service role' in deployment notes (for the Edge Function) without declaring or explaining how that key would be handled. Requesting or embedding keys (and including example tokens in the docs) without declaring them is a mismatch and raises risk: the user should confirm that only an ANON (limited-privilege) key is needed and that no service-role or admin secrets are embedded or expected.
Persistence & Privilege
The skill is not marked always:true and does not request system-level persistence. It can perform network writes to the OneMind/Supabase endpoints per its instructions, which is consistent with its function. Autonomous model invocation is enabled by default but is not itself a distinguishing risk here.
Scan Findings in Context
[base64-block] unexpected: The SKILL.md and other files include long base64-like strings and truncated tokens (example apikey/JWT-like strings and a 'Token Mint' fragment). These look like secret material or example tokens embedded inline; that is not necessary for describing API usage and could indicate accidental token leakage or an attempt to include data that might influence an automated evaluation.
What to consider before installing
Before installing or enabling this skill, verify these points with the publisher:
- Confirm what API key(s) are actually required. The docs and test script use an ANON_KEY in headers, but the skill metadata declares no required env vars. Ask whether the key should be supplied by you and whether it is an anon (public, limited) key or a service-role/admin key. Never provide a service-role key to a third-party skill.
- The docs include long base64/JWT-like strings and a truncated token. Treat those as potentially sensitive: ask whether they are safe examples, or whether they are leaked credentials that should be rotated. If any real keys are embedded, do not use them.
- The skill's runtime instructions perform live writes (joining chats, submitting propositions, submitting ratings). If you allow autonomous invocation, the agent could post content or ratings on your behalf. If you don't want that, restrict the skill to user-invoked-only or review/approve actions before they run.
- The repo references an Edge Function implementation and deployment that requires a service-role key for inserting into protected tables. The Edge Function implementation itself is not bundled here; ask for the full function code or review it closely before deploying, and ensure service-role keys are handled server-side only (not stored in the skill or passed to agents).
- Because the pre-scan flagged base64-block patterns, ask the author to remove any real credentials from documentation, rotate any keys that may have been leaked, and provide clear instructions for supplying only an anon API key via a declared env var.
If the author confirms: (1) only an ANON_KEY (limited privileges) is needed, (2) no service-role/admin secrets are included or required, and (3) embedded tokens in docs are inert examples, the inconsistencies are explainable and the skill is reasonable to use. Without that clarification, treat the skill cautiously.