ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Appian Missingdescr

v1.5.10

Audit Appian application objects for missing descriptions. Given an application UUID, reports every object whose description field is empty or absent.

0· 80·0 current·0 all-time
by@solarspiker

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for solarspiker/appian-missingdescr.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Appian Missingdescr" (solarspiker/appian-missingdescr) from ClawHub.
Skill page: https://clawhub.ai/solarspiker/appian-missingdescr
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: APPIAN_PROC_URL, APPIAN_RUNNER
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install appian-missingdescr

ClawHub CLI

Package manager switcher

npx clawhub@latest install appian-missingdescr
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The requested environment variables (APPIAN_PROC_URL and APPIAN_RUNNER) are consistent with an Appian audit tool: APPIAN_PROC_URL could be the Appian endpoint and APPIAN_RUNNER a local Node script that performs the audit. However, registry metadata outside SKILL.md lists no required binaries while SKILL.md metadata declares 'node' as a required binary — this mismatch is an inconsistency in the manifest that should be corrected. The lack of source/homepage also reduces transparency.
!
Instruction Scope
Runtime instructions tell the agent to run: node $APPIAN_RUNNER missing-descr APPLICATION_UUID and then 'report the output verbatim.' Because the skill provides no code itself, APPIAN_RUNNER points to an external script that will be executed; that script could read arbitrary files, environment variables, or network endpoints and print sensitive data. Requiring verbatim reporting increases the likelihood of accidental exfiltration of secrets or sensitive Appian data.
Install Mechanism
There is no install spec (instruction-only), which limits what the skill writes to disk. That is lower risk in general, but the runtime behavior requires executing a potentially arbitrary local script (APPIAN_RUNNER) with Node — effectively delegating behavior to external code outside this skill's package. This is acceptable for a wrapper-style skill but should be documented and trusted.
Credentials
Only two environment variables are required, which is proportionate for an Appian audit: APPIAN_PROC_URL (primaryEnv) and APPIAN_RUNNER. However, APPIAN_RUNNER is effectively a pointer to executable code under the user's environment and thus grants the skill the ability to run arbitrary commands. The SKILL.md requires APPIAN_PROC_URL even though the run command doesn't reference it directly (it likely is consumed by the runner), which is reasonable but worth clarifying.
Persistence & Privilege
The skill does not request persistent/always-on presence (always: false) and does not modify other skills or system settings. It uses normal, on-demand invocation.
What to consider before installing
This skill appears coherent for auditing Appian descriptions, but exercise caution before installing: 1) Verify APPIAN_RUNNER points to a trusted Node script you control (review its contents), because the skill will run that script and print its output verbatim. 2) Be careful that the script does not print credentials, tokens, or other sensitive data — 'report verbatim' can lead to accidental leakage. 3) Confirm the 'node' binary is available (SKILL.md requires it) and ask the publisher to fix the manifest inconsistency if you rely on registry metadata. 4) If unsure, run the runner manually in an isolated/sandbox environment to see what it outputs before giving the agent permission to execute it automatically.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔎 Clawdis
EnvAPPIAN_PROC_URL, APPIAN_RUNNER
Primary envAPPIAN_PROC_URL
latestvk972k1tabantgf6bnh7cgebjxn84v3cv
80downloads
0stars
12versions
Updated 1w ago
v1.5.10
MIT-0
@solarspiker
latest
Download

Appian Missing Descriptions

Reports every object in an Appian application that has an empty or absent description field, grouped by object type.

Prerequisites

Both APPIAN_PROC_URL and APPIAN_RUNNER must be set in your environment before running.

How to run

node $APPIAN_RUNNER missing-descr APPLICATION_UUID

Replace APPLICATION_UUID with the UUID the user provided.

After running

Report the output verbatim — do not summarize or omit any lines.

Comments

Loading comments...