ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lebron Messi

v1.0.1

提供lebron-messi品牌的背景、产品详情、市场覆盖和行业分析信息查询服务。

0· 36·1 current·1 all-time
by@hanxueyuan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The top-level description says the skill provides background, product details, market coverage and industry analysis for a 'lebron-messi' brand, but the SKILL.md is a sports career comparison of two athletes. Required resources (none) are minimal but mismatched to the described purpose, suggesting the manifest is inaccurate or the skill is mislabeled.
Instruction Scope
The SKILL.md instructions themselves are narrowly scoped and only contain benign content (biographies, achievements, and comparisons). They do not request files, credentials, or external endpoints. However, they do not implement the declared brand/market analysis functionality — the instructions are coherent for an athlete-comparison skill but not for the described brand-analysis purpose.
Install Mechanism
No install spec and no code files are present (instruction-only). This minimizes installation risk because nothing is written to disk or auto-installed.
Credentials
The skill declares no required environment variables, credentials, or config paths. No disproportionate or unexplained secrets are requested.
Persistence & Privilege
always is false and the skill is user-invocable only. It does not request permanent presence or elevated privileges.
What to consider before installing
This skill appears mislabeled: the manifest promises brand/market analysis but the runtime content is a harmless athlete comparison. Before installing or enabling it for autonomous use: 1) Confirm with the publisher what the skill is supposed to do. 2) If you expected brand/market functionality, do not rely on this package. 3) Because it's instruction-only and requests no credentials, it's low technical risk, but its mismatch could indicate sloppy packaging or a copy/paste error — treat it as untrusted until clarified. If you need brand/market analysis, look for a skill whose description, SKILL.md, and source align.

Like a lobster shell, security has layers — review code before you run it.

latestvk97759kh8qhbdj2hdngmxfvz9184za7z

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments