ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Copilot

v1.0.0

Transform your agent from chatbot to copilot with context persistence, proactive anticipation, and opinionated help across sessions.

4· 792·2 current·2 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill's stated goal (turning a chatbot into a copilot with persistent context) matches the main mechanisms it prescribes: reading and writing state files under ~/copilot/, heartbeat/cron activation, and opinionated responses. However, some aspirational capabilities (detecting IDE/terminal/git, reading email/calendar/Slack signals) are mentioned as 'signals' without any declared credentials or mechanisms — this is an architectural note (not necessarily malicious) but it is ambiguous how those signals would be obtained in practice.
Instruction Scope
Runtime instructions explicitly require reading and creating files in the user's home (~/copilot/*) and appending to logs (decisions.md). They also recommend taking screenshots (vision) selectively. This is coherent with the copilot purpose, but it has privacy implications: the agent will persist potentially sensitive context locally and will read it on every activation. The instructions also suggest actions like 'read recent terminal errors' and 'summarize email threads' without specifying exact file paths or required integrations — that broad wording could lead an agent to attempt reading other user files unless constrained.
Install Mechanism
There is no install spec and no code files to execute. As an instruction-only skill it does not write new binaries, download archives, or request package installs — low install risk.
Credentials
The skill does not request any environment variables, credentials, or config paths. This is proportionate: the design relies on local state files rather than external APIs. Note: the guidance references external systems (calendar, Slack, email) as useful signals but does not request tokens — if the skill were later extended to integrate with those services, additional credentials would be required.
Persistence & Privilege
The skill does not force permanent inclusion (always:false) and does not request elevated system privileges. Its persistence model is local file storage under the user's home directory, which is appropriate for this functionality but does warrant user review of what gets stored.
Assessment
This skill is internally consistent but has privacy implications you should consider before installing: - It will create and read files under ~/copilot/ (active, priorities, decisions, patterns, per-project files). Those files can contain sensitive information — avoid logging secrets (passwords, API keys, private keys) into decisions.md or project files. - Screenshots are part of its recommended behavior. Confirm how your agent processes vision data (locally vs. sent to external services) before allowing screenshots. - The skill references reading 'terminal, git, email, calendar, Slack' as useful signals but does not declare credentials for those systems. If you later grant the agent integrations to those services, review and limit which scopes/tokens it receives. - Because the skill reads state on every activation, deleting ~/copilot/ removes its memory. Consider initializing and inspecting the files yourself before enabling autonomous behaviors. - If you are concerned about accidental data access, restrict the agent's filesystem permissions (or run in an environment where ~/copilot/ is the only accessible workspace). If these trade-offs are acceptable (local state store and selective screenshots), the skill's behavior matches its description. If you need stronger guarantees, request the author to specify where vision processing occurs, to limit which host paths the skill may read, and to document any external integrations clearly.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cm50y5ea7a2n0q3bg14avgs812961

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments