Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Farmos Finance

v1.0.0

Query farm financial data — cash flow projections, cost tracking, breakeven analysis. Requires admin authentication. Highly sensitive data.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

Scan findings
Purpose & Capability (flagged)
The name/description (farm financial queries) matches the documented endpoints, but the SKILL.md requires access to a local auth script (~/clawd/scripts/farmos-auth.sh) and a local role file (~/.clawdbot/farmos-users.json) which are not declared in the skill metadata. The skill also points at a raw IP (http://100.102.77.110:8010) rather than an official hostname. These local paths and internal-host usage are outside what the manifest lists and are unexpected for a simple query skill.
Instruction Scope (flagged)
The runtime instructions direct the agent to execute a local script to obtain an admin token and to read a local user-role JSON file to enforce admin-only access. That means the agent must run code and read files in the user's home directory and call an internal IP API. The instructions also imply elevated privilege (admin tokens) and conditional unauthenticated access ('No Auth — if AI access toggle is enabled'), which is vague and broadens what the agent may do.
Install Mechanism
There is no install spec and no code files — the skill is instruction-only, so nothing will be written to disk by the skill package itself. This is the lowest install risk, but it increases the importance of the instructions' external actions.
Credentials (flagged)
The manifest declares no required env vars or config paths, yet the SKILL.md depends on a local auth helper script and a specific role-mapping file in the user's home. It also mandates use of admin-level credentials (JWT). Requesting admin JWTs and reading home-directory files is high privilege and is not justified in the manifest.
Persistence & Privilege
The skill is not marked always:true and does not request to modify system or other skills. However, because it requires admin tokens and local file/script access, autonomous invocation (the default platform behavior) would let the agent fetch highly sensitive financial data without additional checks unless you restrict invocation. This combination increases risk even though 'always' is false.
What to consider before installing
This skill's SKILL.md tells the agent to run a local auth script and read a role file in your home directory and to call an internal IP API, but the published metadata doesn't declare those file/script requirements. That mismatch is risky because the agent could execute local code and access sensitive financial data using admin credentials. Before enabling:

1) Verify the existence, source, and safety of ~/clawd/scripts/farmos-auth.sh and ~/.clawdbot/farmos-users.json — do not enable the skill unless you trust them.
2) Prefer the developer to update the manifest to declare required config paths and any env vars.
3) Restrict autonomous invocation (or require manual approval) so the agent cannot fetch admin data without your explicit action.
4) Confirm the internal IP (100.102.77.110) is a known, trusted host on your network and not an unknown endpoint.

If you cannot verify these points, do not install or grant it admin-level access.
