ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Beyonce

v0.1.4

Information assistant for Beyoncé 碧昂丝. Get biography, latest news, career highlights, and social media updates.

0· 109·0 current·1 all-time
by@hanxueyuan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
Metadata/description says this is an information assistant for Beyoncé (biography, latest news, social updates). SKILL.md instead reads like a generic brand/org profile template (founding time/place, business lines, market layout). This mismatch means the declared purpose doesn't match what the instructions actually implement or require.
!
Instruction Scope
The SKILL.md is minimal and vague: it lists the kinds of information to provide but contains no runtime steps for fetching news or social media, and it treats the subject as a brand/organization rather than an individual artist. It does not instruct reading local files or requesting secrets, but it also doesn't explain how it will obtain 'latest news' or 'social media updates' (no APIs or sources specified).
Install Mechanism
Instruction-only skill with no install spec or code files. Lowest install risk — nothing is written to disk by an installer.
Credentials
No environment variables, credentials, or config paths are requested (which is proportionate to the present SKILL.md). However, because the description advertises live news and social media updates, the absence of declared API keys or data-source configuration is suspicious/unfinished — a legitimate implementation would usually require API tokens or at least declared data sources.
Persistence & Privilege
Defaults are used (not always: true). The skill can be invoked by the model (normal). There is no indication it modifies other skills or requests persistent system privileges.
What to consider before installing
This skill is internally inconsistent: the description promises a Beyoncé-focused assistant (bio, news, social feeds), but the runtime instructions are a generic brand profile and do not explain how news/social data will be fetched. Before installing: ask the publisher for the source/homepage and for a corrected SKILL.md that explains data sources and required credentials (if any). If you expect live news or social updates, require them to declare which APIs they use and any env vars needed. If you still want to test it, do so in a limited/revocable environment and avoid granting additional credentials until the implementation is clarified.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cky6wzf6h30p33t8kasbjvx84xpwr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments