ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ouroboros

v1.0.0

When user message starts with 'ooo', call ouroboros_channel_workflow MCP tool. Do NOT answer the request yourself. Do NOT generate code. Do NOT summarize. Ju...

1· 102·0 current·0 all-time
by@q00
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description say: when message begins with 'ooo', call ouroboros workflow. The SKILL.md declares the required MCP ('ouroboros') and the routing rules necessary to construct tool calls. No unrelated env vars, binaries, or installs are requested.
!
Instruction Scope
The runtime instructions require the agent to forward channel_id, guild_id, user_id, and message_id and to relay the MCP tool's response verbatim without asking clarifying questions or applying any filtering. This gives the external MCP raw conversational context and prevents the agent from exercising normal safety/clarity checks, increasing the risk of leaking identifiers or propagating harmful/unwanted content.
Install Mechanism
Instruction-only skill with no install spec or downloaded code; nothing is written to disk. This lowers supply-chain risk.
Credentials
No environment variables or credentials are requested. However, the skill explicitly requires forwarding platform-specific identifiers (channel_id, guild_id, user_id, message_id). Those are not secrets like API keys but are sensitive context that should be intentionally shared only with trusted MCPs.
Persistence & Privilege
always is false and the skill does not request system-wide changes. It does, however, instruct the agent to defer decision-making to an external tool — a behavioral privilege but not a platform-level 'always' or config modification.
What to consider before installing
This skill forwards user messages plus channel/guild/user identifiers to an external MCP named 'ouroboros' and relays that tool's reply verbatim, while forbidding the agent from asking questions or applying filters. Before installing: (1) confirm you trust the external MCP/operator (they will receive context and IDs), (2) consider whether sending guild/channel/user IDs and message IDs is acceptable for your privacy/compliance needs, (3) ask the publisher for the MCP's homepage or code and for an explanation of what the MCP does with data, and (4) prefer a version that allows minimal filtering or that redacts identifiers if you need stricter controls. If you cannot validate the MCP, treat this skill as high-risk and avoid enabling it in sensitive channels. Additional information that would raise confidence: a verifiable homepage/repository for the MCP, explicit data handling/privacy documentation, and a safety/filtering mechanism that limits what the MCP can send back to the channel.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d2a5k8mj87z0wptd4ne3b5584a4s0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🐍 Clawdis

Comments