ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Intent Align

v2.0.0

Intent-alignment orchestration for OpenClaw agent teams across diverse host environments. Use when work must stay anchored to user goals while allowing flexi...

0· 410·0 current·0 all-time
by@oscraters
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description match the content: templates and runtime instructions for running an intent-alignment hub and selecting adapters. Declared requirements are minimal (none), and the adapters documented (local repo, GitHub, generic tracker) are expected for a coordination/orchestration skill.
Instruction Scope
SKILL.md and referenced docs instruct the agent to read the shipped references, create/maintain an alignment hub, run gates, and bind adapters. This scope is appropriate for an orchestration skill. Note: the adapters explicitly describe requiring filesystem or GitHub credentials when those adapters are selected — that behavior is reasonable but means the agent will request access at adapter binding time.
Install Mechanism
Instruction-only skill with no install spec and no code files to execute; lowest-risk installation footprint.
Credentials
The skill itself declares no environment variables, secrets, or config paths. Adapter docs describe requiring credentials (e.g., GitHub token, filesystem access) when those adapters are used — that is proportionate and expected for the described adapters.
Persistence & Privilege
always is false and model invocation is allowed (default). The skill does not request persistent system-wide changes or modify other skills. Autonomous invocation is normal for skills; no additional privileged persistence is requested.
Assessment
This skill is an instruction-only orchestration template and appears internally consistent. It does not ask for credentials or install software by itself, but when you bind adapters (e.g., GitHub, local-repo, tracker) the agent will ask you to provide appropriate access (tokens, filesystem paths, scopes). Before granting access: (1) limit tokens to least privilege (read-only where possible), (2) verify any ad-hoc adapter specs the agent generates (check provenance fields like created_by/created_at and tool_access_required), (3) prefer local or read-only modes if you don't want remote writes, and (4) be cautious allowing autonomous runs that have write access to repositories or trackers — require strictness or manual confirmations for high-risk operations. If you want more assurance, test the skill in a sandbox workspace with limited permissions first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c5ckcn9q287kkzb9gwx0hvh81wfy8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments