Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

HiFi Advisor

v1.0.0

Evaluate hi-fi and audio gear options, build system recommendations, guide installation and tuning, and analyze used-market pricing/resale value. Use when us...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the provided assets: workflow templates, checklists, and a small price-stats script for used-market analysis. Nothing requested (no env vars, no binaries, no config paths) is unrelated to giving audio advice and pricing analysis.
Instruction Scope
SKILL.md stays on topic: it lists question flows, checklists, and instructs running the included script only when the user supplies a CSV. It does not instruct the agent to read arbitrary system files, contact unknown endpoints, or exfiltrate data.
Install Mechanism
No install spec included (instruction-only plus one benign script). The Python script is small, local, and non-obfuscated; there are no downloads or archive extraction steps.
Credentials
The skill requires no environment variables or credentials. The only runtime action is optionally running a local Python script against user-provided CSV data, which is proportional to the stated price-analysis purpose.
Persistence & Privilege
always is false, and the skill doesn't request system-wide modification or persistent privileges. Autonomous invocation is allowed by default, but given the skill's limited scope this does not amount to an elevated privilege request.
Assessment
This skill appears coherent and low-risk: the included Python script performs only local CSV parsing and summary printing, and the markdown workflows/checklists are on-topic. Run the script only on CSVs you trust (it reads local files but doesn't transmit data). If you plan to let an agent run skills autonomously, remember that it could execute the provided script, so ensure your runtime environment restricts untrusted code execution. If you want extra assurance, open and review scripts/price_stats.py yourself (it's short and readable) before use.

Like a lobster shell, security has layers — review code before you run it.
