ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Fomo Research (DEPRECATED)

v0.2.0

Smart money research via Fomo social graph. Track top traders, monitor live trades, build watchlists — all from your agent. Powered by fomo.family, built by...

0· 807·1 current·1 all-time
by@pooowell
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's metadata advertises 'smart money research' capabilities, but the SKILL.md contains only a deprecation notice and no implementation. This is an intentional mismatch (the skill no longer provides the claimed functionality) rather than evidence of malicious behavior.
Instruction Scope
The runtime instructions merely instruct users to run 'npx clawhub install fomo-research' and state the skill is deprecated. The instructions do not read files, environment variables, or perform unexpected actions, but they do recommend running an npx command (which would fetch remote code) if the user follows the suggestion.
Install Mechanism
There is no install specification and no code files. The skill itself does not install or extract anything. The only install-related text is a user-facing suggestion to run an npx installer for a replacement skill.
Credentials
The skill declares no required environment variables, credentials, or config paths and the instructions do not reference any secrets.
Persistence & Privilege
The skill does not request persistent presence (always:false) and does not attempt to modify other skills or system settings. Model invocation defaults are unchanged.
Assessment
This skill is deprecated and harmless — it only tells you to install the replacement 'fomo-research'. If you want the functionality, do not install this deprecated package; instead inspect the replacement before running any installer: verify the package name and author on the registry (npm/GitHub), review its README or source if available, and be cautious when running 'npx' since it downloads and executes remote code. If you don't want to install anything, you can safely ignore this skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk9756w7cpsvnctw1gf012v6h3h814589

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments