Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Banks

v0.1.0

Find nearby banks. Invoke when user asks for bank branches near me.


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for clawkk/banks.

Install the skill "Banks" (clawkk/banks) from ClawHub.
Skill page: https://clawhub.ai/clawkk/banks
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install banks

ClawHub CLI


npx clawhub@latest install banks
Security Scan
VirusTotal
Pending
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description and the SKILL.md all describe a simple 'nearby banks' POI lookup — this is coherent. However, the SKILL.md references a response schema file via a local file:// path (STANDARD_RESPONSE.md) that is not bundled with the skill, which suggests a missing dependency or implicit expectation of local project files.
Instruction Scope
Instructions define inputs, outputs, error codes, and privacy guidance and stay within the declared purpose. But they mention a data provider (PROVIDER_UNAVAILABLE) and rate limiting without specifying which external API to call, endpoints, or required credentials. The reference to a local file path (file:///Users/...) for STANDARD_RESPONSE.md is outside the skill bundle and would require the agent to access local filesystem paths not included in the skill.
Install Mechanism
No install spec and no code files — lowest-risk delivery model. The skill is instruction-only, so nothing is written to disk by an installer.
Credentials
The skill declares no required environment variables or credentials, yet it implies querying an external provider for POI data. A provider API typically requires credentials or an endpoint; the absence of any declared env vars or primary credential is a mismatch and may hide implicit requirements.
Persistence & Privilege
always is false and the skill has no install-time hooks or config changes. It does not request persistent privileges or modify other skills' settings.
Scan Findings in Context
[no_code_files] expected: The skill is instruction-only so the regex scanner had no code to analyze — this is expected. Because of that, the SKILL.md is the primary surface for security review.
What to consider before installing
This skill appears to be a straightforward 'nearby banks' lookup, but it leaves out important operational details. Before installing or enabling it, ask the publisher: (1) Which data provider or API will the skill call to get bank locations? (2) Will it require API keys or endpoints, and if so where/how should those credentials be supplied and stored? (3) Provide or bundle the STANDARD_RESPONSE.md schema (or an accessible URL) so you know exactly what the skill will return. Also confirm the privacy controls: ensure it will only query after explicit user location consent and that precise coordinates are not logged or exfiltrated to unknown endpoints. If the author cannot clarify these points, treat the skill as incomplete/suspicious and avoid granting it access to real location data.

Like a lobster shell, security has layers — review code before you run it.

latest vk97cn963p5m012t2fx3d2jpw3d83eqaq
98 downloads
0 stars
1 version
Updated 1mo ago
v0.1.0
MIT-0

Nearby Banks

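Purpose

  • Provides a list of Banks near the user's current location
  • Standardizes response fields and query behavior so that front ends and APIs can reuse them

Trigger conditions

  • The user asks “银行 附近 / banks near me / nearby banks / 就近网点” (the Chinese phrases mean "bank nearby" and "nearest branch")

Input parameters

  • location: latitude and longitude { lat, lng }, required
  • radius_meters: query radius, default 3000
  • limit: maximum number of results returned, default 20, maximum 50
  • filters: optional filters (whether corporate banking is offered, whether open on weekends, etc.)

Response fields

Error codes

  • INVALID_LOCATION: latitude/longitude is invalid
  • RADIUS_TOO_LARGE: exceeds the maximum query radius
  • PROVIDER_UNAVAILABLE: data source is unavailable
  • RATE_LIMITED: rate limit triggered

Examples

  • Input: { location: { lat: 30.123, lng: 120.456 }, radius_meters: 3000, limit: 10 }
  • Output: standard POI list (see STANDARD_RESPONSE.md)

Privacy and rate limiting

  • Query only after the user has authorized location access
  • Avoid retaining precise coordinates; apply grid-based obfuscation where necessary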
