Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Wedding.skill

v1.0.0

Your wedding planning co-pilot. Budget tracker that doesn't lie, vendor manager that doesn't forget, seating chart solver that minimizes family drama. 200+ d...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto: Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description (wedding planning, budget, vendors, seating, timeline) align with the files and instructions. No credentials, binaries, or unrelated install steps are declared. The 'self-learning' claim is vague; it could reasonably mean the agent logs decisions to local files, which is imprecise rather than obviously malicious.
Instruction Scope
SKILL.md instructs storing all data under ~/.wedding-skill/ and explicitly claims 'No cloud' and 'No transmission.' However, the pre-scan pass found unicode control characters in the file (signal: unicode-control-chars), a pattern associated with prompt injection and obfuscation aimed at agents or scanners. Because the skill is instruction-only, it relies on the agent's runtime permissions to read and write files and to contact external services; the no-transmission assertion is a promise made in prose, not something the provided files can enforce.
Install Mechanism
No install spec or packaged binaries are included (instruction-only), so nothing is downloaded or executed automatically. The README includes user-facing install commands referencing third-party names (clawhub/hermes/claude copy), but the registry metadata provides no homepage or authoritative source. The install surface is low, but users should not blindly run install commands copied from a README of untrusted origin.
Credentials
The skill declares no required environment variables, no credentials, and no config paths beyond a single user-local folder (~/.wedding-skill/). This is proportionate to the stated purpose of local data storage and planning.
Persistence & Privilege
The skill is not always-enabled and does not request elevated privileges. It will store files under ~/.wedding-skill/ if the agent is instructed to do so, which is limited, local persistence. Note: autonomous agent invocation is allowed by default (normal for the platform), which lets the agent act on the SKILL.md instructions without further prompts; combined with the prompt-injection signal, this warrants extra caution.
Scan Findings in Context
[unicode-control-chars] unexpected: hidden or Unicode control characters are not expected in a wedding-planning instruction document. They are commonly used for prompt injection and obfuscation and should be examined. Their presence does not prove malice, but it raises the risk and justifies manual review.
What to consider before installing
This skill appears to do what it says (local wedding planning and budgeting) and requests nothing sensitive, but be cautious before installing or enabling it:
1) Manually inspect SKILL.md and README.md for hidden characters or obfuscated content; the scanner flagged unicode control characters.
2) Do not give the skill any bank, password, or API credentials; none are required.
3) If you want to run it, install from a trusted source or copy the files yourself rather than running the unknown install commands in the README.
4) Run the skill in a restricted environment or with limited file permissions so it can only write to a dedicated folder such as ~/.wedding-skill/.
5) If the 'self-learning' feature matters to you, ask the maintainer how updates occur; an instruction-only skill cannot change model weights and most likely just appends to local log files.
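One way to carry out step 1, as an added example that is not code from ClawHub, OpenClaw, or the Wedding.skill project: the script below lists every invisible or direction-altering code point in an instruction file, with its line, column and Unicode name, and can emit a cleaned copy. The SKILL.md excerpt it scans is constructed for this example with three planted hidden characters; it is not the real skill file. The function names (find_hidden_chars, strip_hidden_chars, scan_file) are this example's own.

```python
"""Scan a skill's instruction files for hidden Unicode characters.

A scanner reports 'unicode-control-chars' when a text file contains code
points that render invisibly or change text direction. This script lists
each one with its line, column and Unicode name, and can emit a cleaned copy.
"""
import sys
import unicodedata

# General categories that should not appear in a plain instruction document:
#   Cc = control (TAB, LF and CR are allowed), Cf = format (zero-width
#   characters, bidi overrides, tag characters), Co = private use,
#   Cn = unassigned, Cs = lone surrogates (undecodable bytes, see scan_file).
SUSPECT_CATEGORIES = {"Cc", "Cf", "Co", "Cn", "Cs"}
ALLOWED_CONTROLS = {"\t", "\n", "\r"}


def is_hidden(ch: str) -> bool:
    """True for a character that renders invisibly or alters layout."""
    if ch in ALLOWED_CONTROLS:
        return False
    return unicodedata.category(ch) in SUSPECT_CATEGORIES


def find_hidden_chars(text: str) -> list[tuple[int, int, str, str]]:
    """Return (line, column, 'U+XXXX', unicode name) for each hidden character."""
    findings = []
    for lineno, line in enumerate(text.splitlines(keepends=True), start=1):
        for col, ch in enumerate(line, start=1):
            if is_hidden(ch):
                name = unicodedata.name(ch, "<unassigned or unnamed>")
                findings.append((lineno, col, f"U+{ord(ch):04X}", name))
    return findings


def strip_hidden_chars(text: str) -> str:
    """Return a copy of text with every hidden character removed."""
    return "".join(ch for ch in text if not is_hidden(ch))


def scan_file(path: str) -> list[tuple[int, int, str, str]]:
    """Scan a file on disk. Bytes that are not valid UTF-8 become lone
    surrogates (category Cs) and are therefore reported rather than dropped."""
    with open(path, encoding="utf-8", errors="surrogateescape") as fh:
        return find_hidden_chars(fh.read())


# Constructed sample (not the real Wedding.skill file): a SKILL.md excerpt
# with three planted hidden characters. U+200B is a zero-width space,
# U+202E is a right-to-left override, and U+E0041 is an invisible 'tag'
# character, the kind of thing used to smuggle text past a human reader.
SAMPLE_SKILL_MD = (
    "# Wedding Skill\n"
    "Store all data under ~/.wedding-skill/. No cloud. No transmission.\n"
    "Budget tracker that doesn't lie.\u200b\n"
    "Seating chart solver \u202ethat minimizes family drama.\n"
    "\U000E0041Timeline helper.\n"
)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        hits = scan_file(sys.argv[1])
    else:
        hits = find_hidden_chars(SAMPLE_SKILL_MD)
    for lineno, col, codepoint, name in hits:
        print(f"line {lineno} col {col}: {codepoint} {name}")
    print(f"{len(hits)} hidden character(s) found")
```

Run it with a path to scan a real SKILL.md, or with no argument to scan the built-in sample (which reports three hits). Two caveats: a leading U+FEFF byte-order mark and the U+200D zero-width joiner inside emoji sequences are also category Cf and will be reported, so judge each hit in context; and a hit confirms the scanner's signal but does not by itself establish intent. What matters is the text adjacent to the hidden characters, which is what a cleaned copy lets you read.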


latest: vk979d2tcw4wyrb1t10h1prtvth84jc9y

