ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Kefir Batch Manager

v1.0.0

Comprehensive kéfir batch management system with cycle tracking, intelligent reminders, grain health monitoring, and recipe management. Use when managing kéf...

0· 509·0 current·0 all-time
byPaul Salmon@p-salmon
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description match the included scripts' primary functions (batch tracking and ratio calculation). However SKILL.md advertises additional capabilities (reminder_scheduler.py, grain_health.py, learning/adaptive behavior, visual guides, recipe_templates) that are not present in the file manifest. That mismatch is disproportionate to the declared deliverables.
!
Instruction Scope
Runtime instructions mention scheduling reminders, photo documentation, grain health diagnostics and learning from environment. The provided scripts implement basic local batch tracking and ratio calculations only; there is no scheduler, no learning component, and no image handling code. The instructions also reference files/assets that are not present. The mismatch means the agent could be instructed to perform actions the code cannot implement.
Install Mechanism
No install spec (instruction-only with packaged scripts). Nothing is downloaded or executed automatically during install; code is static and included in the package. This is a low-risk installation mechanism.
Credentials
The skill requests no environment variables, no credentials, and does not reference system config paths. The included scripts read/write a local kefir_batches.json in the working directory only, which is proportionate to the stated purpose.
Persistence & Privilege
always:false and normal model invocation settings. The skill stores batch history to kefir_batches.json in the current directory (local persistence), which is reasonable for a tracker and does not request elevated system privileges.
What to consider before installing
This package contains two benign-looking Python scripts that handle local batch tracking and ratio calculations and will read/write kefir_batches.json in the working directory. However, SKILL.md promises extra features (reminders, grain health scripts, image assets, and a learning component) that are missing from the manifest — the package appears incomplete. Before installing or enabling: 1) ask the author for the missing files (reminder_scheduler.py, grain_health.py, images/templates) or an updated manifest; 2) if you proceed, run the code in an isolated/sandbox environment and review the scripts yourself (they are short and readable) to confirm there are no network calls or hidden behavior; 3) back up your working directory because the scripts will create/modify kefir_batches.json; and 4) do not assume the advertised 'learning' or reminder features exist until you see the corresponding code. The inconsistencies are likely sloppy packaging rather than malicious intent, but verify before granting broader access or using in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk970a0k4sydt1vtaq4hnjhpnk581ntc9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments