Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Skill Rating Comparator
v1.0.0: Automatically searches for similar skills, scores them on six dimensions (functionality, code, documentation, reviews, updates and installation), and generates a comparison report with optimization suggestions.
⭐ 0 · 97 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description, SKILL.md and source code are aligned: the package is intended to find skills on ClawHub/GitHub and produce multi-dimension comparison reports. However, there are inconsistencies: SKILL.md lists runtime dependencies (node-fetch, cheerio) that do not appear in package.json, the implementation uses mock data and TODO comments instead of real API calls, and the package is described as 'instruction-only' despite including runnable source and tests. These mismatches are not necessarily malicious, but they are unexpected and reduce confidence in the implementation.
Instruction Scope
SKILL.md instructs the agent to search ClawHub and GitHub and to analyze the SKILL.md/README/code of target skills, which is appropriate for this tool. The instructions do not ask the agent to read unrelated system files or request unrelated credentials. However, the SKILL.md contains a detected 'unicode-control-chars' injection signal (see scan findings) that could attempt to manipulate downstream prompt processing; this needs review.
Install Mechanism
There is no install spec (no downloads or extract steps) which is lower risk. The repository includes source and package.json, but no runtime dependencies are declared for node-fetch/cheerio even though SKILL.md mentions them. Installing/building the package in your environment would involve running npm install/build; that is standard but verify declared dependencies before running.
Credentials
The skill declares no required environment variables or credentials (primary credential: none), which is proportionate for a public web-scraping/analysis tool. In practice a production implementation that calls GitHub or ClawHub APIs may need tokens (not requested here). Absence of credential requests is safer, but also suggests the shipped code currently uses mock data / is incomplete.
Persistence & Privilege
always: false (normal). The skill does not request persistent system privileges or to modify other skills. No indication it will force-enable itself or alter agent/global configs.
Scan Findings in Context
[unicode-control-chars] unexpected: The SKILL.md was flagged for Unicode control/hidden characters. This is not expected for a normal README/SKILL.md and can be used to manipulate prompt parsing or hide content. It should be inspected (show invisible characters) and removed if found. The rest of the codebase does not obviously rely on hidden control characters.
What to consider before installing
This skill appears to implement a legitimate feature (compare skills on ClawHub/GitHub), but there are several red flags you should consider before installing or running it:
- Inspect SKILL.md and README for hidden/unicode control characters. These can be used to manipulate prompts; if present, remove them or reject the package.
- Review the source locally. The implementation currently uses mock data and TODOs instead of real API calls; if you expect production behavior, ask the author for a complete implementation or inspect code paths that fetch external data.
- Check package.json and declared dependencies. SKILL.md lists node-fetch and cheerio but they are not in package.json; installing/building could fail or the author may expect the runtime to provide them. Add only trusted dependencies and run npm audit before installing.
- Because the skill interacts with external services (GitHub/ClawHub), consider running it in a sandboxed environment (container) first to observe network behavior and avoid exposing local files.
- If you want full functionality, confirm whether the skill will require API credentials (GitHub token, ClawHub token) and only provide least-privilege tokens with appropriate scope. The current package does not request credentials, but a future/complete implementation likely will.
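As an added example (not part of this listing or the skill's own code), the following Node script performs the first and third checks above: it scans SKILL.md text for Unicode control and format characters and reports each one by line and column, produces a cleaned copy, and compares dependency names the SKILL.md mentions against what package.json declares. The sample SKILL.md text and package.json object are constructed for the demonstration; in practice, read both files from the unpacked package before running npm install.

```javascript
// Added example for reviewing a ClawHub skill before installing it.
// Not the listing's or the skill's own code; the sample inputs below are constructed.

// Unicode categories that have no business in a plain SKILL.md: C0/C1
// controls (Cc) and format characters (Cf) such as zero-width characters,
// bidi embeddings/overrides and a byte-order mark inside the text.
const HIDDEN_RE = /[\p{Cc}\p{Cf}]/u;
// Whitespace controls that are legitimately present in a text file.
const ALLOWED = new Set(['\t', '\n', '\r']);

// Names for the hidden characters most often used to conceal or reorder text.
const NAMES = {
  '\u200B': 'ZERO WIDTH SPACE',
  '\u200C': 'ZERO WIDTH NON-JOINER',
  '\u200D': 'ZERO WIDTH JOINER',
  '\u2060': 'WORD JOINER',
  '\u202A': 'LEFT-TO-RIGHT EMBEDDING',
  '\u202B': 'RIGHT-TO-LEFT EMBEDDING',
  '\u202C': 'POP DIRECTIONAL FORMATTING',
  '\u202D': 'LEFT-TO-RIGHT OVERRIDE',
  '\u202E': 'RIGHT-TO-LEFT OVERRIDE',
  '\u2066': 'LEFT-TO-RIGHT ISOLATE',
  '\u2067': 'RIGHT-TO-LEFT ISOLATE',
  '\u2069': 'POP DIRECTIONAL ISOLATE',
  '\uFEFF': 'ZERO WIDTH NO-BREAK SPACE (BOM)',
};

// Walk the text by code point and record every hidden character with its
// 1-based line and column, so a reviewer can open the file at that spot.
function findHiddenChars(text) {
  const findings = [];
  let line = 1;
  let col = 0;
  for (const ch of text) {
    if (ch === '\n') { line += 1; col = 0; continue; }
    col += 1;
    if (ALLOWED.has(ch) || !HIDDEN_RE.test(ch)) continue;
    const cp = ch.codePointAt(0);
    findings.push({
      line,
      col,
      codePoint: 'U+' + cp.toString(16).toUpperCase().padStart(4, '0'),
      name: NAMES[ch] || 'control/format character',
    });
  }
  return findings;
}

// Return the text with every hidden character removed (tab/newline/CR kept).
function stripHiddenChars(text) {
  return Array.from(text)
    .filter((ch) => ALLOWED.has(ch) || !HIDDEN_RE.test(ch))
    .join('');
}

// Names the SKILL.md claims as dependencies that package.json does not declare
// in any dependency section (the scan report flags node-fetch and cheerio).
function missingDeps(mentioned, pkg) {
  const declared = new Set([
    ...Object.keys(pkg.dependencies || {}),
    ...Object.keys(pkg.devDependencies || {}),
    ...Object.keys(pkg.peerDependencies || {}),
  ]);
  return mentioned.filter((name) => !declared.has(name));
}

// Constructed SKILL.md text: a zero-width space on line 3 and a
// right-to-left override pair on line 4 that renders "tset" as "test".
const SAMPLE_SKILL_MD =
  '# Skill Rating Comparator\n' +
  'Dependencies: node-fetch, cheerio\n' +
  'Compare skills\u200B on ClawHub.\n' +
  'Rendering test \u202Etset\u202C.\n';

// Constructed package.json with no runtime dependencies declared.
const SAMPLE_PACKAGE_JSON = { name: 'skill-rating-comparator', dependencies: {} };

// Human-readable review summary covering both checks.
function reviewReport(skillMd, pkg, mentionedDeps) {
  const lines = findHiddenChars(skillMd).map(
    (f) => `hidden char at ${f.line}:${f.col} ${f.codePoint} ${f.name}`,
  );
  const missing = missingDeps(mentionedDeps, pkg);
  if (missing.length) lines.push(`undeclared dependencies: ${missing.join(', ')}`);
  return lines.length ? lines : ['no findings'];
}

console.log(reviewReport(SAMPLE_SKILL_MD, SAMPLE_PACKAGE_JSON, ['node-fetch', 'cheerio']).join('\n'));
```

The detector deliberately flags whole Unicode categories rather than a fixed list, so a format character that is not in the NAMES table is still reported (with a generic label) instead of slipping through; the dependency check only confirms that a name appears somewhere in package.json, so a declared but unaudited package still needs npm audit as the list above says.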
If you are not comfortable reviewing code or handling hidden characters, prefer a skill from a known author or an official marketplace listing with clear provenance.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97fp8qzypjf4g8atw6pwck9p183dz9r
