ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Culvers

v1.0.1

提供卡弗斯餐厅菜单查询、会员积分服务及优惠券信息,支持中西部风味美式快餐推荐。

0· 65·1 current·1 all-time
by@hanxueyuan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The metadata/description claims menu queries, membership points and coupon information, but the provided SKILL.md only contains a static brand overview and usage hints. There are no environment variables, APIs, or instructions that would enable the claimed interactive features, so the declared purpose is not implemented.
Instruction Scope
SKILL.md is short and self-contained: it instructs the agent to provide a general Culvers overview and suggests using the official site for authoritative info. It does not instruct the agent to read local files, access credentials, or call external endpoints — but it also doesn't provide any runtime steps to perform the advertised menu/membership queries.
Install Mechanism
No install spec and no code files — instruction-only skill. This is the lowest-risk install profile (nothing is written to disk).
!
Credentials
The skill requests no environment variables or credentials. Given that the description promises membership/coupon functionality (which normally requires API keys or account tokens), the absence of any declared credentials or integration details is inconsistent and suggests the feature claims are unimplemented or misleading.
Persistence & Privilege
No special persistence or elevated privileges requested (always:false, no config paths). Autonomous invocation is allowed by default but is not combined with other red flags here.
What to consider before installing
This skill appears low-risk technically (no installs or credential requests) but is misleading: it advertises menu, membership, and coupon features that are not implemented in the instructions. Before installing, consider asking the publisher for a clear implementation (how menu and membership queries are performed, what APIs or credentials are needed) or prefer authoritative sources (official Culvers website). Do not supply any account credentials unless the skill documents a legitimate, verifiable integration and you trust the source.

Like a lobster shell, security has layers — review code before you run it.

latestvk97492phrv5n3xywh8zgcxa95h84x4t1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments