Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Idea Capture

v1.0.0

Capture or update an idea, append an update log, and write a session summary for later retrieval.

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for kid0114/idea-capture.

Prompt preview (Install & Setup):
Install the skill "Idea Capture" (kid0114/idea-capture) from ClawHub.
Skill page: https://clawhub.ai/kid0114/idea-capture
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install idea-capture

ClawHub CLI

npx clawhub@latest install idea-capture

Security Scan

VirusTotal: Suspicious

OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The name/description align with what the skill actually does: create/update idea Markdown files, session summaries, a human INDEX.md, and a catalog.json in a workspace-local ideas/ directory. There are no unrelated credentials, binaries, or network endpoints requested.
Instruction Scope
SKILL.md instructs the agent to run the included script with optional --idea-id input. The script writes files under a workspace ideas/ layout only, which is expected. However, the code uses the provided idea_id directly when constructing file paths (IDEAS_DIR / f"{idea_id}.md") without validating or sanitizing it. If an attacker or a misbehaving agent supplies a crafted idea_id containing path components (e.g., '../otherdir/evil'), the script could create or overwrite files outside the intended ideas/ directory. SKILL.md does not warn about this or restrict inputs.
Install Mechanism
This is an instruction-only skill with a bundled Python script; there is no install spec, no external downloads, and nothing is written to disk at install time beyond the skill's own files. Risk from install mechanism is low.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The script also does not read environment variables or network endpoints. Its filesystem access is limited to writing the ideas/ subtree — appropriate for its purpose, except for the unsanitized idea_id issue noted above.
Persistence & Privilege
The skill is not force-included (always: false) and is user-invocable; it does not modify other skills or global agent settings. Its persistence is limited to creating and updating files in the repository workspace (the intended behavior).
What to consider before installing
This skill generally does what it claims — it writes idea files, a human index, a catalog.json, and per-session summaries into an ideas/ directory. Before installing or allowing an agent to invoke it automatically, consider:

  1) The script accepts an --idea-id and uses it directly to build file paths without sanitization; do not pass idea_id values from untrusted sources (they could include ../ to escape the ideas/ directory).
  2) Only run this skill in workspaces you trust or where overwriting arbitrary files would not be harmful.
  3) Recommended fixes: sanitize idea_id (e.g., run slugify on any supplied idea_id or explicitly reject path separators), or resolve and verify the target path is inside IDEAS_DIR (compare .resolve() parents).
  4) If you plan to let an autonomous agent call this skill, restrict inputs and/or disable autonomous invocation until the path-handling is hardened.

If you want, I can produce a small patch that enforces safe idea_id handling and prevents path traversal.
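
The two recommended fixes (reject path components in idea_id, then resolve the target and verify it stays inside IDEAS_DIR), shown beside the construction the scan describes. This is an added example, not code from the skill or from the scanner; the function names, the allowlist pattern and the constructed sample ids are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Assumed id allowlist (not from the page): lowercase slug, no separators or dots.
_ID_RE = re.compile(r"[a-z0-9][a-z0-9-]{0,63}")


def unsafe_idea_path(ideas_dir: Path, idea_id: str) -> Path:
    """The construction the scan describes: idea_id used verbatim."""
    return ideas_dir / f"{idea_id}.md"


def safe_idea_path(ideas_dir: Path, idea_id: str) -> Path:
    """Return ideas_dir/<idea_id>.md, or raise ValueError if it could escape."""
    # Layer 1: syntactic allowlist (rejects '/', '\\', '..', absolute paths, NUL).
    if not _ID_RE.fullmatch(idea_id):
        raise ValueError(f"invalid idea_id: {idea_id!r}")
    root = ideas_dir.resolve()
    target = (root / f"{idea_id}.md").resolve()
    # Layer 2: containment after resolving symlinks, e.g. a planted ideas/x.md link.
    if not target.is_relative_to(root):  # Python 3.9+
        raise ValueError(f"idea_id escapes {root}: {idea_id!r}")
    return target


def escapes(ideas_dir: Path, path: Path) -> bool:
    """True if path resolves to a location outside ideas_dir."""
    return not path.resolve().is_relative_to(ideas_dir.resolve())


def demo() -> dict:
    """Map each constructed id to (unsafe path escapes?, hardened builder accepts?)."""
    results = {}
    with tempfile.TemporaryDirectory() as ws:
        ideas = Path(ws) / "ideas"
        ideas.mkdir()
        for idea_id in ("desktop-pet-openclaw", "../otherdir/evil", "/tmp/evil", "a/../../b"):
            unsafe_escapes = escapes(ideas, unsafe_idea_path(ideas, idea_id))
            try:
                safe_idea_path(ideas, idea_id)
                accepted = True
            except ValueError:
                accepted = False
            results[idea_id] = (unsafe_escapes, accepted)
    return results
```

The same check applies to the ideas/summaries/<idea-id>/ directory, since the id is a path component there as well.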

Like a lobster shell, security has layers — review code before you run it.

latest vk97dg3zxh4sqaas7f676j3jqwn83x5zn
90 downloads
0 stars
1 version
Updated 4w ago
v1.0.0
MIT-0

Idea Capture

Use this skill when the user wants to save or update an idea/project discussion.

Storage

  • Main idea doc: ideas/<idea-id>.md
  • Session summaries: ideas/summaries/<idea-id>/<timestamp>.md
  • Human index: ideas/INDEX.md
  • Machine catalog: ideas/catalog.json

Inputs

Provide what you have:

  • title
  • summary
  • notes
  • tags
  • mode: create | update | auto
  • optional idea_id
  • optional source
  • optional open questions / next steps

Matching rules

  • update: require an existing match
  • auto: prefer idea_id, then normalized title/slug, else create
  • avoid duplicate idea files when a clear match exists

Behavior

Use scripts/idea_capture.py for the write/update work.

Example:

python3 skills/idea-capture/scripts/idea_capture.py \
  --title "Desktop Pet OpenClaw" \
  --summary "Turn OpenClaw into a desktop pet assistant" \
  --notes "Need create/update/session-summary support." \
  --tags ai,desktop,agent \
  --mode auto \
  --source qqbot

Expected result

Report:

  • idea id
  • created vs updated
  • changed files
  • session summary path

Guardrails

  • Keep the main idea doc readable.
  • Preserve update history.
  • Put chronology in update logs / session summaries, not in long repeated prose.
