Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Lucky Collaborative Research (Lucky + Jinx)
v1.0.1
Lucky (internet) + Jinx (analysis) collaborative research workflow. Lucky gathers raw data from web sources, Jinx analyzes and structures findings. Use for m...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description (Lucky gathers web data, Jinx analyzes) aligns with the runtime instructions: use Puppeteer to capture pages, store HTML/text, and post tasks to a local analysis service. However, the instructions presume access to specific local/remote resources (an SSH key at ~/.ssh/lucky_to_mac, a Mac at 100.90.7.148, and a mounted volume '/Volumes/Crucial X10') that are not mentioned anywhere else and are not justified in metadata — this is unexpected and should be explained by the author.
Instruction Scope
The SKILL.md tells operators to create directories, capture full page HTML/text, use a local SSH private key to scp files to a hardcoded IP, and POST tasks to http://localhost:3001. These instructions involve reading private files (e.g., ~/.ssh/lucky_to_mac), writing to mounted volumes, and transferring raw HTML (which may contain sensitive data). The doc also contains contradictory guidance: 'No executable content — Only pass text/HTML' vs 'Request execution — ask Jinx to run analysis scripts'. That open-ended ability to execute scripts on a local service increases risk if misused.
Install Mechanism
This is an instruction-only skill with no install spec and no bundled code, so it doesn't install packages or download remote artifacts. That lowers supply-chain risk, but the runtime steps still require external tools (Puppeteer, scp/ssh) which the doc assumes are available.
Credentials
The skill declares no required env vars or credentials, yet the instructions explicitly reference sensitive items (private SSH key at ~/.ssh/lucky_to_mac and a target host IP). That mismatch is disproportionate: the skill asks the operator to rely on sensitive local credentials and a remote host without declaring or justifying them. The advice to 'capture everything' increases the chance of collecting credentials or PII from scraped pages.
Persistence & Privilege
always is false and there is no indication the skill requests elevated system privileges or modifies other skills. Still, the workflow encourages broad data collection and writing to external/mounted storage, and it relies on a local analysis service (localhost:3001) which, if present, could be asked to execute arbitrary analysis scripts — increasing blast radius if that service is compromised or misconfigured.
What to consider before installing
This skill is plausible for collaborative scraping + local analysis, but it contains undeclared sensitive operational steps and some contradictions. Before using it, verify these points:
1) The hardcoded SSH key path (~/.ssh/lucky_to_mac) and target IP (100.90.7.148) — remove or replace them with explicit, auditable configuration and never embed private keys in instructions.
2) Confirm you control the remote host and mounted SSD; don't scp data to an unknown machine.
3) Avoid 'capture everything' on pages that may include credentials, PII, or license-restricted content; sanitize and filter before storage/transmission.
4) Clarify whether Jinx is allowed to execute scripts and sandbox it (no internet, least privilege).
5) Because the skill source is unknown and there's no homepage, prefer running this workflow in an isolated environment (dedicated VM or container) and review any SSH keys used — rotate them afterwards.
If you cannot get clear, author-provided configuration and assurances about the remote host and key usage, treat this skill as risky and do not run its suggested transfer steps.
Like a lobster shell, security has layers — review code before you run it.
Tags: analysis, latest, multi-agent, openclaw, research, web-search
