Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Auto Responder
v1.0.0
Automatically responds to messages in defined topics, using keyword rules, exclusion rules, and cooldowns to avoid spam.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The described purpose (automatic replies based on topic/keywords, cooldowns, exclusions) aligns with the instructions conceptually and does not require credentials. However the SKILL.md tells you to copy a binary into node_modules and to run 'auto-responder' even though the package contains no code or binaries — this mismatch means the published skill lacks the actual implementation it claims to provide.
Instruction Scope
The instructions direct agents to read inbound message metadata, thread_id, and sender (expected), create per-agent config files (auto-responder.json) in workspaces, and write a cache at ~/.cache/auto-responder.json. Those file writes, together with the recommendation to run the binary as a hook or on heartbeat, give the skill persistent runtime effects across agents. The doc also references an explicit user home (/home/nvi), which is only an example but could mislead. Most importantly, the instructions rely on an 'auto-responder' executable and give no guidance or code for where it comes from.
Install Mechanism
There is no formal install spec in the registry and no code files in the package, yet SKILL.md contains manual install steps (copy to ~/.npm-global/lib/node_modules/openclaw/skills/auto-responder/ and invoke 'auto-responder'). This is inconsistent and risky: either the skill is documentation-only (no runnable artifact) or the author expects you to fetch/install an executable from elsewhere — the source and provenance of that executable are not provided.
Credentials
The skill declares no required environment variables or credentials and does not request external secrets. It does ask to read inbound message metadata and to detect the bot's own ID to avoid self-replies (reasonable). The only local resource access is to per-agent workspace files and a cache in the user's home directory — these are proportionate but should be confirmed before granting write access.
Persistence & Privilege
always is false and autonomous invocation via hooks/heartbeat is suggested (normal for this use). The skill's recommended integration (hook or heartbeat) would give it continuous runtime presence and the ability to post messages automatically; this is expected for an auto-responder but increases blast radius if the implementation is buggy or malicious. The package itself does not request to modify other skills or system-wide settings.
What to consider before installing
Do not install or copy anything based solely on this SKILL.md. The package contains only documentation and no executable — yet the instructions expect an 'auto-responder' binary and recommend copying files into your global node_modules. Before proceeding, ask the publisher for the actual implementation (source code or a trusted release URL). If you obtain an executable, review its source or verify its provenance, run it in an isolated test environment, and inspect what it writes (auto-responder.json, ~/.cache/auto-responder.json). Limit its permissions, configure conservative cooldowns and require-mention during testing to avoid unwanted autonomous replies, and only enable hooks/heartbeat in production after thorough testing. If you cannot get source code or a trustworthy release URL, treat this package as documentation-only and avoid copying or running unverified binaries.
Like a lobster shell, security has layers — review code before you run it.
