Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Chatbot Personality Set

v1.0.0

Implement Chatbot Personality Set using OrbCafe UI (CustomizeAgent). Enterprise-grade React component with built-in best practices.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (Chatbot Personality Set using OrbCafe UI) matches the SKILL.md which shows installing the orbcafe-ui package and a usage example. Nothing requested (no env vars, no binaries) is inconsistent with this purpose.
Instruction Scope
Runtime instructions are limited to installing an npm package and using a React component snippet. The instructions do not ask the agent to read unrelated files, access credentials, or transmit data to external endpoints.
Install Mechanism
There is no embedded install spec in the skill (instruction-only). The SKILL.md suggests using npm/pnpm to install 'orbcafe-ui' which is a standard, proportional recommendation; the skill does not itself download arbitrary URLs or write files.
Credentials
No environment variables, credentials, or config paths are required or referenced. The skill's needs are minimal and appropriate for a UI integration guide.
Persistence & Privilege
The skill is not always-on and does not request elevated platform privileges or modify other skills or system-wide settings. Autonomous invocation is allowed by default but there are no instructions that would abuse that capability.
Assessment
This skill is essentially documentation for integrating the 'orbcafe-ui' React component; it is internally consistent. Before installing the npm package, verify the package name and publisher on the npm registry, review the package README and source code (or inspect node_modules after install), and check for postinstall scripts or excessive permissions. Pin a specific version, run dependency vulnerability checks (e.g., npm audit), and if you don't trust the package or its publisher, test it in a sandboxed environment first.

Like a lobster shell, security has layers — review code before you run it.
