ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Asus

v1.0.3

提供华硕笔记本、主板、显卡等产品信息、门店查询、新品发布及技术支持服务。

0· 69·0 current·1 all-time
by@hanxueyuan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The public description promises product/store lookup, new-release notifications, and technical support services, but the SKILL.md only describes providing general background, product lines, and market info. That mismatch (claimed interactive features vs. only static informational instructions) is unexplained and could be sloppy or misleading.
Instruction Scope
SKILL.md is short and scoped to answering user queries about ASUS background, products, and market position. It does not instruct the agent to read files, access credentials, or contact external endpoints beyond what the agent normally can do, so runtime instructions themselves are not requesting extra privileges.
Install Mechanism
No install spec and no code files (instruction-only). This is the lowest-risk install pattern — nothing will be written to disk by the skill itself.
Credentials
No environment variables, credentials, or config paths are required. The skill does not request disproportionate secrets or access.
Persistence & Privilege
always is false and default autonomous invocation is allowed (platform default). The skill does not request persistent system-wide privileges or modify other skills; this is normal.
What to consider before installing
The skill appears to be a simple informational helper (low technical risk) but its description advertises interactive features (store lookup, new-release tracking, technical support) that the runtime instructions do not implement. Before installing or relying on it: (1) ask the publisher to clarify how store lookups and support are performed and for a homepage/source; (2) avoid supplying any credentials or secrets to the skill; (3) prefer skills with an explicit source or official homepage; and (4) test its behavior with non-sensitive queries first. The mismatch likely indicates sloppy documentation rather than malicious intent, but confirm functionality with the author.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cxj5ma5znth5q5c8rk0csns84x1bz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments