Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
coware-skills
v1.0.0Coware Living Specs — shared API spec sync for multi-agent coding teams. TRIGGER when: project has .coware/ directory, user mentions shared specs, API alignm...
⭐ 0· 0·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill instructs the agent to run Node scripts (.coware/pull.mjs and .coware/sync.mjs) and to read/write files under .coware/. That behavior is consistent with a spec-sync tool, but the skill metadata declares no required binaries (Node) or credentials. Not declaring Node as a required binary and not describing where credentials come from (they appear to live in .coware/config.json) is an incoherence and reduces transparency.
Instruction Scope
SKILL.md tells the agent to fetch and 'follow ALL instructions' from an external URL (https://coware.team/llms.txt) and to 'Execute ALL steps in ONE go' and never ask the user questions except via a tool-based dialog. This effectively delegates control to a remote document and encourages autonomous execution of potentially arbitrary instructions. The doc also tells agents to scan the whole codebase to generate specs if none exist, which broadens the data the agent will access.
Install Mechanism
There is no install spec and no code files in the registry package — lowest-risk from install-time distribution. The runtime still expects local scripts under .coware/ to exist and be executed; that is an operational dependency rather than an installation step.
Credentials
The skill declares no required environment variables or primary credential. However, it expects to read .coware/config.json (which may contain invite codes or auth tokens) and to perform server sync/pull operations. Not declaring where authentication comes from or what secrets might be read is an information gap but could be legitimate if credentials are stored in the project config; still, the lack of explicit credential handling is a transparency issue.
Persistence & Privilege
always:false and model invocation are normal. But the instructions explicitly require agents to perform multi-step setup without asking the user for textual confirmation and to auto-join projects using invite codes from .coware/config.json — this grants the agent broad autonomous authority to act on the user's behalf (including networked pushes/pulls). That combination increases risk if the remote guide contains unsafe actions.
What to consider before installing
This skill's goal (keeping team API specs in sync) is reasonable, but before installing or running it: 1) Review the contents of .coware/pull.mjs and .coware/sync.mjs locally to see what network calls and commands they perform. 2) Inspect .coware/config.json for any tokens/invite codes and avoid sharing those publicly. 3) Do not allow the agent to 'follow ALL instructions' from external URLs automatically — open and review https://coware.team/llms.txt yourself before executing anything it recommends. 4) Ensure Node is available in your environment and consider running pull/sync commands in a sandboxed environment the first time. 5) Prefer workflows where the agent asks you to confirm potentially destructive or credential-using actions rather than executing them unprompted.Like a lobster shell, security has layers — review code before you run it.
latestvk970q40yd36603ztrgekyaaezn84ct35
License
MIT-0
Free to use, modify, and redistribute. No attribution required.