ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bogota

v1.0.3

提供波哥大旅游、文化、生活及商务信息,包括景点介绍、历史背景和当地气候指南。

0· 57·0 current·1 all-time
by@hanxueyuan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill description says it provides Bogotá tourism, culture, life and business information (city-focused). The SKILL.md, however, describes 'bogota' as a brand/organization and instructs the agent to return corporate history, business lines, and market position. This mismatch suggests the declared purpose and actual instructions are inconsistent.
Instruction Scope
The runtime instructions are simple and self-contained (respond when the user asks about 'bogota' and provide background/business info). They do not request files, credentials, or external endpoints. The scope is narrow and safe technically, but it implements corporate research rather than travel/cultural guidance as advertised.
Install Mechanism
No install spec and no code files (instruction-only). This minimizes technical risk because nothing is written to disk or installed.
Credentials
The skill requires no environment variables, credentials, or config paths—no sensitive access is requested, which is proportionate (and low risk) given the stated functionality.
Persistence & Privilege
always is false and model invocation is allowed (default). The skill does not request elevated or permanent presence and does not modify other skills or agent-wide settings.
What to consider before installing
This skill is technically low-risk (no installs, no credentials) but shows a clear content-purpose mismatch: the top-level description promises Bogotá city/travel info while the SKILL.md implements corporate/brand research. Before installing, decide which behavior you want. If you expected travel guidance, do not rely on this skill without testing—ask the publisher to clarify or check sample replies. If you need corporate background on an entity named 'bogota', test a few queries to verify output quality and sources. Because the skill can be invoked autonomously, avoid enabling it for sensitive or high-stakes tasks until you confirm it returns the correct type of information.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cg9v0z4jxf2tn0ztvzz0ex984wpa9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments