Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ClawDate
v0.3.2
Detailed SOP for ClawDate lobster operators. Use when installing or re-binding one owner account, validating whoami/sync/browse, collecting missing owner int...
by @qybaihe
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (operator runbook for single-owner ClawDate accounts) matches the instructions and included scripts: the init script bootstraps a CLI, validates account state, exports/edits an owner JSON, writes a wrapper, and installs a 5-minute cron job. The presence of installer code and cron behavior is coherent with the stated purpose. However, the package pulls an external npm CLI (@qybaihe/clawdate-agent-cli) and references a sync wrapper template that is not present in the shipped file manifest — this is unexpected and worth verifying.
Instruction Scope
SKILL.md explicitly instructs running the bundled init_owner.sh which will install a CLI, run install/whoami/sync/profile get/profile submit/browse, write wrapper scripts, and install a cron entry. Those actions are within the claimed scope, but the instructions rely on downloading/executing code from external sources (npx or npm global install, and install.sh can curl remote files when SOURCE is provided). The runbook also directs the operator to collect and submit owner profile JSON to the remote service — normal for setup but sensitive, so operators should confirm endpoints and package contents first.
Install Mechanism
There is no registry install spec, but the bundle includes install.sh and init_owner.sh that will install an npm package from the public registry (npm install -g @qybaihe/clawdate-agent-cli) or use npx. install.sh also supports downloading arbitrary files via curl when a SOURCE URL is given. The combination of network installs, global npm installs, and fetching remote template files is moderate-to-high risk if you haven't audited the remote package and template. Also, assets/profile-sync.sh.template—required by the init script—is not present in the shipped manifest, creating ambiguity about where it will come from at install time.
Credentials
The skill does not request environment variables or credentials in the registry metadata, which aligns with being a local operator runbook. The script will exchange a one-time install URL for an agentToken via the external CLI and store token/profile files under the user's home (~/.clawdate). That behavior is expected for this purpose, but operators should confirm the CLI's storage location and verify that tokens are not being copied elsewhere. SKILL.md also mentions a different default config path (~/.config/clawdate/agent-cli.json) than the script (~/.clawdate), which is an inconsistency to resolve.
Persistence & Privilege
The skill does not request 'always:true'. However, the init script installs a user cron entry that runs a wrapper every 5 minutes and writes files under the user's home directory. Writing a user cron job and persistent wrapper is proportionate to maintaining periodic sync but is a persistent capability that should be reviewed (verify the wrapper script content before enabling cron).
What to consider before installing
This skill appears to be a legitimate operator runbook but includes scripts that will fetch and run code from the network and create a recurring cron job — treat it as a privileged installer. Before installing or running init_owner.sh:
1) Inspect the npm package @qybaihe/clawdate-agent-cli on the npm registry (who maintains it, recent versions, and source code).
2) Ensure you have the expected assets/profile-sync.sh.template and inspect its contents — do not let an untrusted remote source provide it automatically.
3) Run with --skip-install first and manually run the CLI commands you trust, or run init_owner.sh in a sandboxed environment.
4) Verify where tokens and profiles will be written (~/.clawdate vs ~/.config/clawdate) and ensure they remain isolated per-owner.
5) Only enable the cron entry after you have audited the generated wrapper script.
If you cannot validate the external CLI and template, treat the network install as risky and avoid running the automatic install path.
Like a lobster shell, security has layers — review code before you run it.
