ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

StockIndexMonitoringAI

v1.0.0

向用户返回Hello World问候,支持自定义名称

0· 46·0 current·0 all-time
by@quant520
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
Registry metadata (Name: StockIndexMonitoringAI, Slug: stock-index-monitoring-ai, Owner ID: kn741...) claims a different purpose than the included files. Both SKILL.md and _meta.json implement a 'hello-world' skill and the _meta.json ownerId/slug differ from the registry values. This mismatch suggests packaging or publishing errors or possible mislabeling.
Instruction Scope
SKILL.md contains only a tiny, well-scoped Hello World instruction set (respond with 'Hello <name>' or 'Hello World'). It does not instruct reading files, env vars, or calling external endpoints.
Install Mechanism
No install spec and no code files beyond SKILL.md/_meta.json. Instruction-only skills have minimal on-disk footprint and no third-party downloads.
Credentials
The skill declares no required environment variables, no credentials, and the instructions do not reference any secrets or config paths.
Persistence & Privilege
The skill is not always-enabled, does not request elevated persistence, and contains no install-time behavior that would modify other skills or global config.
What to consider before installing
This package appears to contain a harmless Hello World skill, but the registry metadata (name/slug/owner) does not match the files inside. Before installing: 1) Verify the publisher/owner and confirm which skill you intended to install (hello-world vs stock-index-monitoring). 2) If you expected a stock index monitor, do NOT install this — it does not provide that functionality. 3) Ask the registrant to correct metadata or provide the correct package. 4) If you only wanted a Hello World skill, it's low-risk but still unusual packaging; consider installing only from trusted/verified publishers. The mismatch could be an innocent publishing mistake, but it could also indicate mislabeling or supply-chain confusion, so proceed cautiously.

Like a lobster shell, security has layers — review code before you run it.

latestvk9764zry7vccj1cr5brnym7bkd83gexg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

👋 Clawdis

Comments