Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Auto File Organizer

v0.1.0

Users often need to organize their downloads folder and sort files

by Zixuan @neutronstar238
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name and description match a simple task (organize a downloads folder). No required env vars or binaries are requested, which is reasonable for a local file-organizer. However the manifest lists allowed-tools that would grant broad file-system and shell access if implemented.
Instruction Scope
SKILL.md is essentially a placeholder: it contains no concrete runtime instructions or safe-scoped commands and lists '待开发' (to be developed). Allowed-tools includes Read, Write, Edit, Bash, which would permit arbitrary file reads/writes and shell execution when the skill is invoked — the current instructions give the agent broad discretion without limits or specific paths.
Install Mechanism
Instruction-only skill with no install spec or code files; nothing will be written to disk by an installer. This is low-risk as delivered.
Credentials
No environment variables, credentials, or config paths are requested, which is proportionate for the stated purpose.
Persistence & Privilege
always is false and the skill is user-invocable only. It does not request permanent presence or modify other skills; default autonomous invocation is allowed but not combined with other concerning flags.
What to consider before installing
This skill is incomplete and currently just a stub. It also declares permissions (Read, Write, Bash) that would let an agent access and modify files or run shell commands—capabilities you should not grant blindly. Before installing or enabling:
1) require a link to the source repository and a changelog or commit history;
2) request a concrete SKILL.md or implementation that explicitly limits which directories and file types the skill may access (e.g., only ~/Downloads) and provides a safe 'dry-run' mode;
3) prefer removing or restricting Bash access (or require explicit user confirmation before any shell execution);
4) test the skill in a sandbox or with non-sensitive files;
5) only enable autonomous invocation once a reviewed implementation exists.
If you cannot obtain a reviewed implementation, do not grant file-system or shell permissions to this skill.
