ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Edith Senso Knowledge

v1.0.0

Search your Senso.ai knowledge base hands-free through Edith smart glasses. Triggers on knowledge/document queries.

0· 45·0 current·0 all-time
by@samdickson22
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description: search Senso.ai knowledge base via Edith smart glasses. Declared requirements and runtime instructions only involve a Senso API key and HTTP calls to sdk.senso.ai, which is proportionate to the stated purpose.
Instruction Scope
SKILL.md gives explicit, narrow instructions: set SENSO_API_KEY, call the Senso search/generate endpoints with curl, summarize results for voice output, and handle obvious errors. It does not instruct reading unrelated files or credentials. The only broad action is use of the exec tool (curl), which is expected to perform the network calls required.
Install Mechanism
Instruction-only skill with no install spec and no code files. Nothing is written to disk and there are no external downloads — lowest install risk.
Credentials
The skill asks the user to store a single Senso API key (SENSO_API_KEY) in OpenClaw's memory/config, which is necessary for its operation. This is proportionate, but storing a secret in agent memory has privacy implications: the key could potentially be accessed by other skills or exposed if the user shares conversation history. The SKILL.md instructs the user to paste the key directly into the agent, which should be done cautiously.
Persistence & Privilege
always is false and the skill is user-invocable; model invocation is allowed (default) which is normal for skills. The skill does not request persistent system-wide changes or access to other skills' configs.
Assessment
This skill appears to do exactly what it says: query your Senso.ai knowledge base and summarize results for Edith voice output. Before installing, consider these practical cautions: 1) The skill requires you to provide your Senso API key (SENSO_API_KEY) to OpenClaw; avoid pasting that key into public chats and understand where the platform stores it and who/what can read it. 2) The skill will send user-provided queries and concatenated document passages to sdk.senso.ai (search/generate endpoints); do not send highly sensitive secrets or regulated data unless you trust Senso.ai and have reviewed their privacy/security controls. 3) Use a least-privilege or dedicated API key if possible and rotate/revoke it if you stop using the skill. If you want extra assurance, ask the skill owner for details on how OpenClaw stores secrets and which other skills (if any) can access stored keys.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c9dnp3np69mmnmwzq3ej7zd83rjt8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments