Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Skill Clawban

v0.1.6

Kanban Workflow is a TypeScript skill for a stage-based agentic co-worker that integrates PM platforms via CLI-first adapters (CLIs or small wrapper scripts)...

by Simon van Laak (@simonvanlaak)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The code and SKILL.md describe a Node.js/TypeScript CLI that shells out to platform CLIs and wrapper scripts (GitHub, Plane, Planka, Linear). That capability matches the skill's description. However, the registry metadata lists no required binaries or environment variables and marks the skill 'instruction-only' (no install spec), while SKILL.md and package.json explicitly require node/npm, `npm ci`, and adapter CLIs (gh, planka-cli, plane, curl/jq), and the repo contains package.json plus many source files. This mismatch (metadata saying none, files saying many) is an incoherence to be aware of: the registry summary understates what the skill needs and what it can reach.
! Instruction Scope
SKILL.md and SECURITY.md state that the core authenticates through the adapter CLIs (inheriting each CLI's session) and does not persist tokens. That is mostly true, but at least one included helper script contradicts the 'no direct HTTP auth' claim: scripts/linear_json.sh makes direct HTTP calls to api.linear.app using LINEAR_API_KEY (curl + jq). Adapters and scripts run arbitrary CLIs via execa, may read and write config/kanban-workflow.json, and can install a cron job via --autopilot-install-cron. The instructions do not read unrelated host files and do not send data to unexpected endpoints, but they do make network calls to third-party APIs and rely on adapter-provided credentials.
Install Mechanism
There is no registry-level install spec (the skill is 'instruction-only' at the registry level), which is lower risk, but the repo includes package.json and package-lock.json, and SKILL.md explicitly recommends running `npm ci` to install dependencies. If you plan to run this skill you will need to run `npm ci` locally; the registry does not supply audited binaries, and `npm ci` installs whatever package-lock.json pins, so that dependency tree is part of what you are trusting. The bundle itself contains no downloads from obscure URLs and no extract/install instructions.
! Credentials
Top-level registry metadata shows no required environment variables, while SKILL.md documents adapter-specific optional ones (PLANE_API_KEY, PLANE_WORKSPACE, LINEAR_API_KEY). The linear wrapper (scripts/linear_json.sh) requires LINEAR_API_KEY and sends HTTP requests with it. Those credentials are proportionate to the adapters' purposes, but the metadata omission is an inconsistency that could lead a user to underestimate secret exposure. Also note that the skill acts with whatever privileges the installed platform CLIs or API keys carry.
Persistence & Privilege
The skill does not request always:true and does not declare elevated system-wide privileges. It writes a repo-local config file (config/kanban-workflow.json) and offers an option to install an OpenClaw cron job (--autopilot-install-cron). Both behaviors are expected for this kind of automation and are called out in the docs; there is no evidence the skill attempts to modify other skills' configs or system tokens.
What to consider before installing
This skill appears to be a genuine CLI-first Kanban integrator, but there are a few mismatches and practical risks to weigh before installing:

- Metadata vs reality: the registry metadata claims no required binaries or env vars and no install step, but the repository and SKILL.md require Node/npm (`npm ci`) and adapter CLIs (gh, planka-cli, plane, curl, jq). Expect to run `npm ci` and to install the adapter CLIs yourself.
- Credentials: if you enable the Plane or Linear adapters you will need PLANE_API_KEY/PLANE_WORKSPACE or LINEAR_API_KEY. The linear wrapper script (scripts/linear_json.sh) sends LINEAR_API_KEY in an Authorization header to api.linear.app; review that script and provide only API keys you trust, scoped to least privilege.
- Privilege inheritance: the skill shells out to platform CLIs and acts with the same permissions those CLIs or API keys have. Scope CLI sessions and tokens appropriately (least privilege) before using the skill.
- Cron/install behavior: the skill can optionally install an autopilot cron job. If you use that option, verify what it writes (the cron entry and command) and make sure it runs in an environment holding only the credentials you intend.
- Review scripts and code: the included scripts (linear_json.sh, planka_whoami_json.mjs) and TypeScript files are readable; scan them to confirm there are no unexpected network destinations or obfuscated logic. No scanner flags appear in the data reviewed here, but the metadata inconsistencies above warrant manual review.

Recommended actions: review the two wrapper scripts and package.json, run `npm ci` in an isolated environment if you plan to execute locally, provide adapter API keys only when necessary and with least privilege, and avoid the autopilot cron install until you have inspected what it will create.
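The manual review recommended above can be made repeatable. The bash script below is an added example (not the skill's own code and not part of ClawHub's scanner): it inventories the hosts, upper-case environment variables and process spawns or scheduler references that a bundle's files contain, so the reviewer can compare them with what SKILL.md and the registry metadata claim, and it fails if any host is outside an allowlist. The sample bundle it builds under mktemp is constructed for illustration only (a curl wrapper reading LINEAR_API_KEY, a TypeScript adapter reading PLANE_API_KEY and calling execa); those stand-in files are not the skill's real scripts, and the function names are this example's own.

```shell
#!/usr/bin/env bash
# Added pre-install review check for a skill bundle (example code, not the
# skill's own and not ClawHub's scanner). Inventories what the files reference
# so the reviewer can compare against SKILL.md and the registry metadata.

# Hosts named in http(s) URLs anywhere in the bundle, one per line, de-duplicated.
scan_hosts() {
  grep -rhoE 'https?://[A-Za-z0-9._-]+' "$1" 2>/dev/null \
    | sed -E 's#^https?://##' | sort -u
}

# Upper-case environment variables read by shell ($NAME, ${NAME}) or
# Node (process.env.NAME) sources. Lower-case shell locals are ignored.
scan_envs() {
  {
    grep -rhoE '\$\{?[A-Z][A-Z0-9_]{2,}\}?' "$1" 2>/dev/null | tr -d '${}'
    grep -rhoE 'process\.env\.[A-Z][A-Z0-9_]+' "$1" 2>/dev/null | sed 's/^process\.env\.//'
  } | sort -u
}

# Lines that spawn processes (execa/spawn/exec/curl) or touch the scheduler,
# printed as file:line:text so each hit can be read in context.
scan_exec() {
  grep -rnE '\b(execa|spawn|execSync|exec)\(|\bcurl\b|\bcrontab\b|install-cron' "$1" 2>/dev/null || true
}

# Return 1 if the bundle references any host not in the allowlist passed as
# the remaining arguments; offending hosts go to stderr.
check_hosts() {
  dir="$1"; shift
  unexpected=0
  for host in $(scan_hosts "$dir"); do
    case " $* " in
      *" $host "*) ;;
      *) echo "UNEXPECTED HOST: $host" >&2; unexpected=1 ;;
    esac
  done
  return "$unexpected"
}

# Constructed sample bundle (hypothetical stand-ins, not the real files):
# a curl wrapper that reads LINEAR_API_KEY and a TypeScript adapter that
# reads PLANE_API_KEY and shells out via execa. Prints the directory path.
make_sample_bundle() {
  d=$(mktemp -d)
  mkdir -p "$d/scripts" "$d/src"
  cat > "$d/scripts/linear_json.sh" <<'EOF'
#!/usr/bin/env bash
curl -sS https://api.linear.app/graphql \
  -H "Authorization: $LINEAR_API_KEY" -H 'Content-Type: application/json' \
  --data "$1" | jq .
EOF
  cat > "$d/src/plane.ts" <<'EOF'
import { execa } from "execa";
const key = process.env.PLANE_API_KEY;
export const list = () => execa("plane", ["issues", "list"], { env: { PLANE_API_KEY: key } });
EOF
  printf '%s\n' "$d"
}

# Print the full inventory for a bundle directory.
review_bundle() {
  echo "== hosts ==";             scan_hosts "$1"
  echo "== env vars ==";          scan_envs "$1"
  echo "== spawns / scheduler =="; scan_exec "$1"
}

# Usage: ./review.sh <bundle-dir> [allowed-host ...]
# With no arguments, reviews the constructed sample bundle instead.
if [ -n "${1:-}" ]; then
  bundle="$1"; shift
  review_bundle "$bundle"
  check_hosts "$bundle" "$@"
else
  review_bundle "$(make_sample_bundle)"
fi
```

Run it against the unpacked bundle with the hosts you expect as arguments, for example `./review.sh ./clawban api.linear.app api.github.com`; a non-zero exit means a destination you did not list. The env-var inventory is the quick way to confirm the discrepancy described above: names such as LINEAR_API_KEY show up in the files even though the registry metadata lists none.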


latest: vk97953y4pmk938hq9d08398w5h81wydv

