Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Web3 Target Team Research

v1.0.1

Find crypto/web3 teams with $10M+ funding and verified Telegram contacts. Use when hunting for crypto leads, building contact lists, researching funded startups, or prospecting web3 companies. Spawns parallel subagent hunters to search VC portfolios and verify TG handles.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
The stated purpose (hunt for $10M+ crypto teams and verify Telegram handles) is coherent with instructions to search VC portfolios, check funding, and verify t.me profiles. However, the skill repeatedly references absolute local paths (/Users/derrick/clawd/crypto-master.csv, etc.) and workspace files (HEARTBEAT.md) tied to a specific user, which is not justified by the generic skill description and suggests the instructions expect access to a particular user's filesystem. That hard-coded path is disproportionate and unlikely to work for other users.
[!] Instruction Scope
SKILL.md and referenced templates instruct the agent to spawn parallel subagents (sessions_spawn), create cron jobs to auto-respawn hunters every 10 minutes, continually retry and 'never stop', update HEARTBEAT.md, and read/write master CSVs. They also direct the agent to fetch web pages and take screenshots of Telegram profiles. The automation and persistent respawn behavior is open-ended and broad; the files and system commands referenced (grep/cat on absolute paths) reach outside a minimal, purpose-limited scope.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so there is no downloaded code or package install risk. That lowers the risk of arbitrary code being written to disk. The remaining risk comes from the runtime instructions the agent will execute.
[!] Credentials
The skill declares no environment variables or credentials, which at first glance is appropriate. However, it instructs reading/writing CSVs at hard-coded absolute paths and editing HEARTBEAT.md, which implies access to local files that are unrelated to the declared workspace. The lack of declared env/config requirements but simultaneous reliance on specific user files is a mismatch and could cause the agent to attempt to access sensitive local data or fail in unexpected ways.
[!] Persistence & Privilege
Although always:false (not force-installed), the instructions explicitly direct creating a cron job to check and respawn subagents every 10 minutes and to 'RUN 24/7 UNTIL DERRICK SAYS STOP'. That grants the skill effective continuous autonomous operation if the platform honors the cron and sessions_spawn calls. Persistent auto-respawn behavior combined with autonomous subagent spawning increases blast radius and should be treated cautiously.
What to consider before installing
This skill appears to do what it says (hunt funded Web3 teams and verify Telegram handles), but it contains multiple red flags you should consider before installing:
- Hard-coded local paths: The instructions reference /Users/derrick/... CSVs and HEARTBEAT.md. Confirm whether the skill will be run in an isolated workspace or if it will try to read/write files in your home directory. If you don't know why those paths are present, don't install or ask the author to generalize to workspace-relative paths.
- Persistent, autonomous behavior: The skill tells the agent to create a cron job and continuously respawn subagents (24/7). If installed, it could run indefinitely and spawn many subagents. Limit installation to manual/invokable-only use or require human approval for spawning jobs.
- File access and privacy: The skill instructs using cat/grep on CSVs and updating HEARTBEAT.md — verify what files the agent can access. If your environment grants broad filesystem access, this could expose unrelated data.
- Platform capabilities: The instructions assume platform functions like sessions_spawn, sessions_list, cron({...}), and web_fetch screenshots. Confirm whether your environment supports those APIs and what permissions they grant. If those APIs can create persistent jobs or spawn many subagents, consider restricting or monitoring them.
- Operational/ToS considerations: The skill scrapes Telegram profiles and takes screenshots. Ensure this behavior aligns with legal/ToS rules for the sites you target.
Recommendations: only run this skill in a sandboxed environment, require manual invocation rather than auto-respawn, remove or change hard-coded absolute paths to workspace-relative locations, and require human confirmation before spawning subagents or adding cron jobs. If you need continuous operation, get explicit documentation on how the cron/session APIs behave and what limits you can apply (rate limits, maximum subagents, logging, and stop procedures).

Like a lobster shell, security has layers — review code before you run it.
