Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name/description advertise product info, price queries, and technical support for HyperX products, but the SKILL.md only provides background/market-overview guidance (history, product features, market layout, news). Requested resources (env vars, binaries, installs) are minimal/none — however the advertised runtime capabilities are broader than the actual instructions.
Instruction Scope
SKILL.md is small and scoped: it tells the agent to provide background info and lists when to read. It does not instruct reading system files, accessing environment variables, contacting external endpoints, or transmitting data — no scope creep visible in the instructions themselves.
Install Mechanism
No install spec and no code files (instruction-only). This is the lowest-risk install profile; nothing is written to disk or downloaded by the skill.
Credentials
The skill declares no required environment variables, credentials, or config paths. There is no apparent need for secrets or system access for the documented runtime behavior.
Persistence & Privilege
Skill does not request always:true and uses default invocation settings. It does not request elevated persistence or modify other skills; no privilege concerns from the metadata.
What to consider before installing
This skill is instruction-only and appears low-risk, but its public description claims capabilities (price checks, technical support) that are not present in the SKILL.md. Before installing or enabling it for autonomous use, ask the publisher to clarify: (1) will it perform live price queries or integrate with vendor APIs — if so, what credentials/endpoints are required; (2) will it provide troubleshooting steps or access to support systems; and (3) who is the owner and where is the homepage/source code? If you need pricing or support automation, prefer a skill that documents its runtime steps and required permissions (APIs, env vars). If the owner cannot clarify or supply code/docs, treat the skill as limited to background info and avoid relying on it for live price queries or support actions.Like a lobster shell, security has layers — review code before you run it.
latestvk972syqxwsjpvg0z9gp7zayzth84x5ds
License
MIT-0
Free to use, modify, and redistribute. No attribution required.