ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Beta Client Onboarding

v1.0.0

Manages client onboarding workflows — welcome sequences, document collection, intake forms, kickoff scheduling, and progress tracking. Supports multiple trac...

0· 39·1 current·1 all-time
by@1477009639zw-blip
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The manifest and SKILL.md claim email integration, calendar access, and automatic onboarding activation, but the skill does not require or declare any credentials, API keys, or config paths needed to send email or access calendars. That mismatch suggests either missing declarations or an assumption that the agent/platform will provide access implicitly; either way the requested capabilities are not aligned with the stated requirements.
!
Instruction Scope
The SKILL.md is very high-level and gives no concrete runtime instructions (no endpoints, no commands, no file paths). It also says "Activated automatically when a new client engagement begins," which implies autonomous behavior but provides no rules or limits. The vagueness grants the agent wide discretion about how to accomplish tasks, which is a scope and safety concern.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing will be written to disk by the skill itself. Requiring python3 is lightweight and reasonable for a skill that might call or expect Python, but no installers or downloads are present.
!
Credentials
The skill declares no required environment variables or credentials despite claiming email and calendar integration. Legitimate onboarding functionality normally requires SMTP/SendGrid/API credentials or OAuth tokens for calendars; the absence of any declared secrets or config is disproportionate and unexplained.
Persistence & Privilege
always is false and there are no install scripts or config paths that modify other skills or system settings. Autonomous invocation is allowed (platform default), which is consistent with an actionable skill, but because the skill is vague this increases the need for caution — the skill itself does not request elevated persistence.
What to consider before installing
This skill is vague about how it will send emails or access calendars and doesn't declare any credentials — that mismatch is the main red flag. Before installing: ask the publisher how email/calendar access is implemented (what account or API is used), insist they declare required env vars or OAuth flows, and verify where messages and calendar events will originate. If you still want to test it, run it in a sandboxed agent with no access to real email/calendar accounts or provide throwaway test credentials, and enable audit logging so you can see exactly what actions the agent takes. If the publisher cannot explain the missing credentials and activation behavior, treat the skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk973vw6f2y9px5rmhme7f37pjh83wtxv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🤝 Clawdis
Binspython3

Comments