ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Capture Classification

v1.0.4

Standard Operating Procedure (SOP) that routes unstructured text to Tasks or LanceDB based on urgency using atomic nodes.

0· 103·1 current·1 all-time
by@zvirb

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zvirb/capture-classification.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Capture Classification" (zvirb/capture-classification) from ClawHub.
Skill page: https://clawhub.ai/zvirb/capture-classification
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: gog
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install capture-classification

ClawHub CLI

Package manager switcher

npx clawhub@latest install capture-classification
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill claims to route inbound text to Google Tasks or a vector store (LanceDB). The SKILL.md references atomic nodes (LLM-Classify-Intent, Google Tasks Create Task, Vector Store Upsert Memory) which is consistent with the stated purpose — but the declared requirements do not: the manifest lists no credentials or config for Google or any vector DB, and it requires a binary named 'gog' which is unrelated to the described functionality. Either credentials/connection info are missing from the manifest, or the skill expects implicit access via atomic nodes. This is an incoherence.
!
Instruction Scope
The instructions direct the agent to invoke external atomic nodes that will call Google Tasks and a vector store and to retry on failures. The SKILL.md does not specify which Google account, scopes, or vector store endpoint to use, nor does it tell the agent to obtain user consent or to store tokens. The SOP also mentions LanceDB in the description but the runtime text only says 'Vector Store Upsert Memory' without identifying the vendor/endpoint. Because the skill will cause network actions (through atomic nodes) without declaring where credentials come from, the instruction scope is under-specified and potentially risky.
Install Mechanism
No install spec and no code files (instruction-only), which minimizes on-disk risk. However the declared required binary 'gog' is unexpected for a purely orchestration SOP and there is no explanation of why it's required; that's a mismatch to note but not an installation-action risk because nothing will be written to disk by the skill itself.
!
Credentials
The skill requires zero environment variables or credentials, yet it instructs calls to Google Tasks and a vector store (LanceDB implied). Those integrations normally require API keys or OAuth credentials. The absence of declared credentials is disproportionate: either the platform is expected to supply access via pre-configured atomic nodes (not documented), or the manifest is incomplete. This mismatch could lead to silent failures or unexpected use of existing agent credentials.
Persistence & Privilege
The skill is not marked 'always' and uses the default autonomous invocation flag, which is normal. It does not request any special persistent presence or claim to modify other skills or system-wide settings.
What to consider before installing
This skill's SOP is coherent at a high level, but several practical and security details are missing. Before installing or enabling it, ask the publisher (or check the platform) for: (1) which atomic nodes will be invoked exactly and what permissions/scopes those nodes require (Google Tasks OAuth scopes, API keys, LanceDB host/credentials); (2) why the 'gog' binary is declared as required and whether it's actually used; (3) where the vector store endpoint is configured and who controls it (to avoid writing sensitive text to an unknown external DB). If you don't get clear answers, do not enable the skill with broad agent credentials: at minimum, restrict the atomic nodes' permissions to only the needed Google Tasks scope, and verify the vector store endpoint is one you control. Also prefer a manifest that declares required env vars or config paths explicitly so you can review and consent to them.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binsgog
latestvk97239t0q1jab9sq7m5cy8s4an85qv1g
103downloads
0stars
5versions
Updated 19h ago
v1.0.4
MIT-0
@zvirb
latest
Download

Lean Philosophy (Principles)

  • Kaizen (改善): This workflow relies entirely on discrete, single-responsibility atomic nodes rather than a monolithic loop.
  • Standardized Work (Hyojun Sagyo): This node represents a strict, step-by-step Standard Operating Procedure (SOP) for inbound text classification.
  • Jidoka (自働化): Includes autonomous self-healing loops with hard verification stops between every step.

Capture Classification SOP

This procedure guides the agent to act as a semantic router for inbound text using explicitly defined atomic nodes.

Cognitive Directives

WHEN [Unstructured audio transcript or note text is captured] THEN [ Follow this strict Standard Operating Procedure:

Step 1: Classification

  • Execute the LLM-Classify-Intent atomic skill with categories: ["Actionable", "Informational"].
  • Jidoka Stop: Verify the skill returns exactly one of the requested categories. IF it fails, instruct it to correct the output and retry. Do NOT proceed until a valid category is obtained.

Step 2: Routing Execution

  • IF "Actionable":
    • Execute the Google Tasks Create Task atomic node using the text as the title.
    • Jidoka Stop: Check if the node returns a successful JSON response. IF it fails, retry up to 3 times. IF it still fails, report the error and STOP.
  • IF "Informational":
    • Execute the Vector Store Upsert Memory atomic node to save it as reference material.
    • Jidoka Stop: Verify the vector store confirms a successful upsert. IF it fails, retry up to 3 times. IF it still fails, report the error and STOP. ]

Expected Output

A JSON log confirming the routed destination and action taken by the respective atomic node.

Comments

Loading comments...