Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Firefly III
v1.0.0
Manage personal finances via Firefly III API. Use when user asks about budgets, transactions, accounts, categories, piggy banks, subscriptions, recurring transactions, or financial reports. Supports creating, listing, updating transactions; managing accounts and balances; setting budgets; tracking savings goals.
⭐ 2 · 1.2k · 4 current · 4 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw verdict: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md implements Firefly III API actions (accounts, transactions, budgets, etc.) which align with the description. However, the registry metadata lists no required environment variables, credentials, or binaries while the SKILL.md clearly requires FIREFLY_URL and a FIREFLY_TOKEN (and references ~/.firefly_token). This discrepancy suggests incomplete or incorrect metadata.
Instruction Scope
Runtime instructions are explicit curl commands against the user-provided FIREFLY_URL using a bearer token. That's within scope for a Firefly API skill. But the skill instructs the agent to read the user's file (~/.firefly_token) to obtain the token — this file access is sensitive and the registry did not declare any required config paths. No other unrelated system files or vague 'gather context' steps appear in the instructions.
Install Mechanism
No install spec and no code files (instruction-only). This is low-risk from an installation/download perspective — nothing is being written to disk by an installer as part of the skill package.
Credentials
The credentials requested by the SKILL.md (FIREFLY_URL and FIREFLY_TOKEN / ~/.firefly_token) are proportionate to the stated purpose. However, the package metadata declares no required env vars or primary credential, and it fails to declare the ~/.firefly_token path. The omission means the platform and user might not be aware the skill will access a sensitive token file.
Persistence & Privilege
Skill is not marked always:true and has default invocation settings. It does not request persistent system-wide privileges or modify other skills' configs according to the manifest. Autonomous invocation is allowed (platform default) but not combined with other elevated privileges here.
What to consider before installing
The SKILL.md expects FIREFLY_URL and a FIREFLY_TOKEN (it even reads ~/.firefly_token) but the registry metadata declares none — that's a red flag. Before installing:
1) Confirm the skill owner/source (homepage is missing).
2) Don't store long-lived tokens in plaintext in your home directory if you can avoid it — prefer a scoped personal access token and store it in a secure secret store, or set FIREFLY_TOKEN as an env var for the agent runtime.
3) Ensure the Firefly instance URL is HTTPS and is one you control.
4) Verify your agent environment has curl/jq (the SKILL.md uses them) and that you are comfortable the agent will read the token file.
5) If you need stricter control, request the publisher update registry metadata to declare required env vars and config paths (so consent is explicit), or ask for a version that accepts the token at call-time rather than reading ~/.firefly_token.
The mismatch could be a benign oversight, but treat it as suspicious until clarified.
Version: latest (vk973gwbcpgfx215qf0k0hcdtj980yqqf)
