Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AI CEO Automation
v1.0.0
AI CEO automation system for fully automated company operations
⭐ 0 · 1.1k · 13 current · 14 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to provide full 'AI CEO' automation and points to a GitHub repo containing Actions, templates, and scripts — this is coherent with the declared purpose. However, the actual automation is delegated to an external repository (sendwealth/claw-intelligence) whose workflow contents are not included in the skill, so the repo's code is doing the work rather than the skill bundle itself.
Instruction Scope
The SKILL.md explicitly instructs cloning a third‑party repository and enabling GitHub Actions with the setting 'Allow all actions'. That setting and running the listed workflows (.github/workflows) permit execution of arbitrary third‑party code in your repo context. The skill does not include the workflows' contents or any guidance to audit them before enabling — this is scope creep into executing external code with repo privileges.
Install Mechanism
There is no install spec (instruction‑only), which is low risk in itself. The practical effect, however, is that the skill directs you to pull and run assets from an external GitHub repo; because those workflows will run on your infrastructure when enabled, that external download/execution is the primary install/attack surface even though it's not represented as a formal install spec.
Credentials
The skill declares no required environment variables or credentials, which is consistent. But GitHub Actions workflows commonly rely on repository secrets or tokens; the SKILL.md does not disclose whether the referenced workflows require or will attempt to use secrets or other credentials, so there's missing information about what secrets (if any) you'd need to provide and how they'd be used.
Persistence & Privilege
The skill is not marked always:true and does not request system persistence or elevated platform privileges. It is user‑invocable and can be invoked autonomously by the agent (default), which is normal — but that autonomy combined with the instruction to enable GitHub Actions could increase impact if workflows are malicious.
What to consider before installing
Before following these instructions, inspect the referenced repository and every workflow in .github/workflows in the sendwealth/claw-intelligence repo (or its fork). Do NOT enable 'Allow all actions' for repositories you care about — prefer 'Allow local and GitHub Actions' or 'Selected actions' and only add vetted actions. Run the workflows in a disposable/forked test repository or organization to observe behavior. Check workflows for steps that use secrets, run arbitrary shell commands, or push commits/releases. If you cannot review the workflow files yourself, treat the repo as untrusted and avoid granting it admin rights or adding sensitive repository secrets.
Like a lobster shell, security has layers — review code before you run it.
