Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Mission Control Builder
v1.0.0Build a personal dashboard for OpenClaw with task management, memory browser, calendar, team tracking, and GitHub trends. Use when the user wants to create a...
⭐ 1· 556·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (personal dashboard for OpenClaw) aligns with the provided Next.js project scaffolding and file-based task storage. However, the skill repeatedly mentions integrating with an OpenClaw memory store and GitHub trends but declares no environment variables or configuration for connecting to those services. That gap is an inconsistency: accessing OpenClaw memories or GitHub data normally requires endpoints/credentials which are not specified.
Instruction Scope
The SKILL.md is an instruction-only guide to create a local Next.js app that reads/writes JSON files under the project (src/data). File I/O is scoped to the project directory (process.cwd()), which is expected for a local dashboard. The instructions are incomplete about how to access external data sources (OpenClaw memory, GitHub trends) and leave implementation details open-ended, which grants broad discretion to whoever implements the integrations.
Install Mechanism
There is no install spec and no code files executed by the platform; the skill is instruction-only and relies on standard tooling (npx, npm). This is the lowest-risk install posture from the registry perspective.
Credentials
No environment variables or credentials are required according to the metadata. That is plausible for a purely local, file-based dashboard, but inconsistent with advertised integrations: connecting to an OpenClaw instance or the GitHub API typically requires endpoints and credentials. The absence of declared env vars is therefore an omission and should be clarified before trusting any code that connects to external services.
Persistence & Privilege
The skill does not request permanent presence (always: false), does not modify other skills or system-wide settings, and has no install hooks. It will not persist or escalate privileges via the registry metadata.
What to consider before installing
This skill is an instruction document for creating a local Next.js dashboard and appears technically coherent for that core purpose. However: (1) The guide claims to surface OpenClaw memories and GitHub trends but doesn't show how to connect to those services or what credentials are needed — ask the author or inspect any implementation before providing API keys or connecting live data. (2) The example uses local JSON files for storage; be careful storing sensitive data (memories, tokens) in plain files and consider access controls/encryption. (3) Because the skill is instruction-only, there is no registry-installed code, but if you follow the guide and paste/run code from unknown sources, review it for network calls or secrets exfiltration. If you plan to use this with real OpenClaw memories or GitHub accounts, require explicit documentation of required env vars, endpoints, and authentication flows before giving it access to credentials.Like a lobster shell, security has layers — review code before you run it.
dashboardvk976807f1ecj4wdmy3hbqmmgbh81fp3rlatestvk976807f1ecj4wdmy3hbqmmgbh81fp3rnextjsvk976807f1ecj4wdmy3hbqmmgbh81fp3ropenclawvk976807f1ecj4wdmy3hbqmmgbh81fp3rtasksvk976807f1ecj4wdmy3hbqmmgbh81fp3rtutorialvk976807f1ecj4wdmy3hbqmmgbh81fp3r
License
MIT-0
Free to use, modify, and redistribute. No attribution required.