Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Ai Act Risk Check
v1.0.0
Assesses AI system risk polarity based on Annex III of the EU AI Act, identifying high-risk categories like biometrics and employment.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's stated purpose (preliminary EU AI Act Annex III high-risk classification) matches the script's actual behavior. However the SKILL.md claims it 'uses pure shell and `oracle` via `exec`', while script.sh actually calls a 'gemini' CLI. The package.json and SKILL.md declare no runtime dependencies, but the script requires a CLI not documented in the manifest. This is an incoherence (likely stale docs or packaging oversight) rather than proof of malicious intent.
Instruction Scope
SKILL.md instructs the model to 'Output ONLY the classification line' with no preamble, but script.sh prints additional context to stdout (echoes the AI System description, headings, and a disclaimer). That means the real runtime behavior differs from the stated strict-output contract. Also script.sh will echo the full input description to standard output/logs, which may leak sensitive or confidential descriptions to logs or whatever consumer collects stdout.
Install Mechanism
There is no install spec (instruction-only), which is low-risk generally — but script.sh depends on an external CLI ('gemini') that is not declared in the skill metadata. Because the required binary is not listed, the skill may silently fail or behave differently depending on the environment. No downloaded code or obscure URLs are present.
Credentials
The skill does not request environment variables, credentials, or config paths. The script itself does not read secrets or system files. Note: using the gemini CLI may implicitly rely on credentials or local configuration for that tool (outside the skill), but the skill does not explicitly request them.
Persistence & Privilege
The skill does not request permanent presence, does not set always:true, and does not modify system or other-skill configurations. Autonomous invocation is allowed (platform default) but not combined with other red flags.
What to consider before installing
This skill appears to do what it says (classify a short AI-system description against Annex III), but there are a few things to check before installing or invoking it:
- The script calls the 'gemini' CLI but the skill metadata/README do not list that dependency. Confirm you have a trusted gemini binary installed and understand what credentials or network access it uses.
- SKILL.md claims the model will 'output ONLY the classification line', but script.sh prints the input description and other text around the result. If you will be checking sensitive descriptions, be aware they will be echoed to stdout/logs.
- The SKILL.md mentions an 'oracle' via exec (not present in the code) — ask the author whether the documentation is stale or whether other LLM CLIs might be used. Request the exact runtime requirements and intended CLI.
- Because the skill invokes an external LLM CLI, review how that CLI is configured (API keys, network endpoints, logging) to ensure no unintended data exfiltration.
If you need higher assurance: ask the author to (1) update SKILL.md to accurately reflect the required CLI, (2) declare the gemini dependency or provide an install step, and (3) remove or make optional the echoing of the full input description so outputs are limited to the intended classification line.
Like a lobster shell, security has layers — review code before you run it.
