Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Muse — Creative Content
v1.0.0
Creative content writer — blog posts, social media copy, newsletters, landing pages, email sequences. Audience-aware storytelling with engagement hooks. Use...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (creative content writer) align with the SKILL.md outputs (blog posts, social copy, newsletters). Nothing in the content suggests it needs broad system access. However, the doc references an external hire flow and ETH pricing that imply payment/network operations not reflected in the declared requirements.
Instruction Scope
SKILL.md tells the agent to run a CLI command (mltl hire --agent 44230 --task ...) and lists prices in ETH. The skill metadata declares no required binaries, no network endpoints, and no credentials. That is an inconsistency: the instructions assume the ability to run an external tool and possibly make payments, but do not declare those runtime needs or what credentials/wallet would be used.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so there is no install-time code to evaluate. That minimizes on-disk risk.
Credentials
The doc references ETH payments (0.002 ETH) but the skill declares no environment variables, wallet keys, or payment credentials. If the agent were to act on the hire command it would likely require a signing wallet or API key; the absence of declared credentials is an unexplained gap.
Persistence & Privilege
Flags show always:false and normal autonomous invocation settings. The skill does not request persistent system privileges or to modify other skills. Autonomous invocation is allowed by default; combined with the CLI/payment mismatch this increases the importance of verifying runtime behavior before giving it permissions.
What to consider before installing
This skill appears to do what it says (content creation) but the runtime instructions tell the agent to use an external CLI (mltl) to 'hire' agents and list ETH prices, yet the skill declares no required binary or wallet credentials. Before installing:
1) Ask the publisher what 'mltl' is, whether that CLI will be invoked, and whether it requires network access;
2) Confirm how payments are handled and whether any wallet private keys or payment credentials will be needed or stored;
3) If you don't want the agent to make external hires or payments, block autonomous invocation or deny permission for running external commands;
4) Run in a restricted environment or request more complete metadata (required binaries, endpoints, and credential requirements).
These inconsistencies justify caution.
Like a lobster shell, security has layers — review code before you run it.
latest vk975v144dwdqe8j9krttwzwr9584ece3
