ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cambridge

v0.1.3

Information assistant for Cambridge University 剑桥大学. Get mission info, latest reports, member states, and organizational resources.

0· 102·1 current·1 all-time
by@hanxueyuan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The registry description names 'Cambridge University' and mentions mission info, member states, and organizational resources, but the SKILL.md is generic marketing/brand research guidance about a 'cambridge' organization (products, market layout, news). This mismatch between claimed purpose and actual instructions is unexplained and disproportionate.
Instruction Scope
SKILL.md is short and only says to be used when a user asks about 'cambridge' and lists topics to provide (history, products, market, news). It does not instruct accessing files, credentials, or external endpoints, but it is vague about what sources to use and gives broad discretion on content selection.
Install Mechanism
No install spec and no code files — instruction-only skill. This is low risk from installation perspective because nothing will be written to disk or installed.
Credentials
The skill declares no required environment variables, binaries, or config paths. Requested privileges are proportionate (none).
Persistence & Privilege
Default runtime flags (not always, model invocation allowed). The skill does not request persistent presence or elevated privileges.
What to consider before installing
This skill is low-risk technically (no installs, no credentials), but the description and the SKILL.md disagree: the listing claims a Cambridge University focus while the instructions read like a generic brand/market research helper. Before installing or using it: 1) confirm the publisher/source and homepage (none listed here) — lack of provenance is a red flag; 2) test the skill with non-sensitive queries to see what sources it cites; 3) avoid providing any private data or credentials to the skill; and 4) prefer a skill with clear metadata and matching instructions if you need authoritative university information.

Like a lobster shell, security has layers — review code before you run it.

latestvk97exz84gn4x6fwk50kz4ngwx584x14g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments