ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Kuruma

v1.0.1

Provide taxi booking, trip details, fare estimates, and route planning for local Japanese rides via the Kuruma platform.

0· 96·0 current·1 all-time
by@hanxueyuan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's top-level description promises taxi booking, fare estimates, and route planning for Japanese rides. Nothing in the package (no env vars, no binaries, no install, and the SKILL.md) implements or explains how to access Kuruma's APIs or perform bookings. That mismatch suggests the skill is incomplete or misleading.
!
Instruction Scope
SKILL.md contains only a brief company overview and guidance for when to use the information; it does not include runtime instructions for making bookings, calling APIs, or handling credentials. The instructions stay narrowly scoped but do not fulfil the advertised functionality.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so there is no installer activity or downloads to evaluate.
Credentials
The skill declares no required environment variables, credentials, or config paths — consistent with the provided SKILL.md which does not perform networked operations or require secrets.
Persistence & Privilege
Defaults are used (always:false, agent invocation allowed). The skill does not request elevated persistence or modify other skills/config, so there are no privilege concerns from the metadata.
What to consider before installing
This skill's description and its actual instructions don't line up: it advertises live taxi-booking features but only contains a short company overview and no code, API usage, or credential requirements. If you expected a booking integration, ask the publisher for: (1) an implementation that explains how bookings are made (API endpoints, required env vars), (2) a trustworthy homepage or source repo, and (3) clear install instructions. Because it's instruction-only and requests no secrets, it's low-risk to install from a system-security perspective, but it will not provide the advertised booking functionality as-is. Proceed only if you only need a static company summary; otherwise request clarification or a different skill that legitimately integrates with Kuruma's API.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d3985v8kr0tr96m3qfb8ym584w59n

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments