ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Gett

v1.0.1

提供以色列Gett平台叫车、行程查询、费用估算及企业出行服务,支持多车型和路线规划。

0· 80·0 current·1 all-time
by@hanxueyuan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The metadata/description describes active platform capabilities (calling Gett, trip queries, fare estimates, enterprise services). However the skill has no code, no install, no required credentials, and the SKILL.md only contains a short brand encyclopedia. The declared capabilities are not implemented or justified by the artifact.
Instruction Scope
SKILL.md is minimal and safe in scope (it instructs the agent to respond with brand/company information when asked). It does not direct the agent to read files, access external APIs, or transmit data — but it also does not implement the interactive behaviors advertised.
Install Mechanism
No install spec and no code files are present, so nothing will be written to disk or fetched during install. This is low-risk from an install perspective.
!
Credentials
The claimed features (API calls, fare estimates, bookings) would normally require API credentials and possibly other environment configuration, but the skill declares no required environment variables or credentials. That mismatch suggests the skill is incomplete or misleading.
Persistence & Privilege
The skill does not request elevated persistence (always is false) and has no config paths or other privileges. Default autonomous invocation is allowed, which is normal; there is no indication of extra persistence or cross-skill modification.
What to consider before installing
This skill's description claims interactive Gett functionality (bookings, trip queries, fare estimates) but the actual SKILL.md only offers a short brand/company summary. Before installing or enabling it, ask the publisher for clarification: where are the API integrations or code that implement the advertised features, and what credentials (if any) will it require? Because there is no install or credential request, installing it poses low technical risk, but it will not deliver the promised capabilities as-is. If you need real Gett integrations, prefer a skill that documents API endpoints, required environment variables (e.g., API keys), or links to an official homepage/source repository.

Like a lobster shell, security has layers — review code before you run it.

latestvk97724hbnqr01sb82q9fwjxe0984xzmt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments