Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
WotoHub Automation
v1.0.5End-to-end WotoHub influencer outreach automation for product understanding, creator search, recommendation ranking, outreach email drafting, batch send, inb...
⭐ 0· 0·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description (WotoHub influencer outreach: search, ranking, draft, batch send, inbox/reply) align with the included Python scripts and documentation. The only required credential is WOTOHUB_API_KEY, which is appropriate for the stated send/inbox functionality. Example env vars and optional base URL/state dir are consistent with the skill's purpose.
Instruction Scope
SKILL.md directs running multiple scripts (search, generate_email, send, monitor_replies, campaign cycles) and to validate host-injected model outputs before executing sends — this matches expected behavior. It warns about guardrails and TLS. The scope is broad (can send emails and access inbox) which is expected for this skill type, but that breadth means an API key enables potentially destructive actions so runtime validation and human review gates must be enforced by the integrator.
Install Mechanism
No centralized install spec is present (instruction-only install via pip -r requirements.txt). That is common, but it means dependency installation will run on the host; requirements.txt contents were not provided. There are many executable Python files bundled in the skill (not just docs), so review code and dependencies locally before pip installing. No remote arbitrary download URLs were observed in the manifest.
Credentials
The declared required env var is a single WOTOHUB_API_KEY (plus optional WOTOHUB_BASE_URL and WOTOHUB_STATE_DIR). Those are proportional to a service that supports send and inbox operations. The documentation explicitly warns that the API key grants user-state operations (send/inbox) and should be treated as sensitive. No unrelated credentials (e.g., AWS keys, GitHub tokens) are requested.
Persistence & Privilege
The skill is not marked always:true and follows normal autonomous-invocation defaults. There is no indication it modifies other skills or system-wide agent settings. Because the skill can be invoked autonomously and can perform sends/inbox actions when given an API key, consider the usual operational controls (human-in-the-loop, limited-scope API key) — but this is a design concern rather than an incoherence.
Scan Findings in Context
[unicode-control-chars] unexpected: A pre-scan flagged unicode control / hidden characters inside SKILL.md content. That can be used in prompt-injection attacks (invisible characters to alter how hosts parse or display prompts). The skill's docs themselves claim a hidden-character scan found no issues, creating a contradictory signal; you should manually inspect SKILL.md and prompt files for invisible characters and remove/normalize them before trusting the skill.
What to consider before installing
This package appears to implement the advertised outreach workflow, but it can send emails and access an inbox when given WOTOHUB_API_KEY — treat the key as powerful. Before installing or enabling:
- Manually inspect SKILL.md and the prompt files for invisible/unicode control characters (the pre-scan flagged this). Remove any suspicious invisible characters.
- Review requirements.txt and the top-level Python scripts (wotohub_skill.py, scripts/*.py) to confirm there are no unexpected external endpoints or obfuscated network calls beyond the documented api.wotohub.com endpoints.
- Run preflight.py with a non-production or scoped test token first (as suggested in docs) to observe behavior without exposing production data.
- Do not provide a full-privilege production API key until you confirm human-review gates are enforced for sends and replies. Prefer a scoped key or a test account with no send privileges for initial testing.
- Run the skill in an isolated/sandbox environment (or container) and avoid running pip installs on critical hosts until dependencies and code are audited.
- If you spot the unicode-control-chars finding in SKILL.md, request a clean/patched package from the author or remove those characters yourself. If you cannot verify the code and hidden-char issue, treat the skill as untrusted.
If you want, I can: (1) list the top files to inspect for network calls, (2) search the repository for occurrences of non-WotoHub endpoints, or (3) extract requirements.txt and summarize packages to help you audit dependencies.Like a lobster shell, security has layers — review code before you run it.
latestvk977ter6mstpy1hszx3y27bmvs84h7cs
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
EnvWOTOHUB_API_KEY