ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nato

v0.1.1

Information assistant for NATO 北约. Get mission info, latest reports, member states, and organizational resources.

0· 87·1 current·1 all-time
by@hanxueyuan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description claim: 'Information assistant for NATO ... mission info, latest reports, member states'. SKILL.md content: a generic 'nato 百科' brand/company template referencing '品牌故事', '产品矩阵', and '产品' — language and topics inappropriate for an intergovernmental organization. This is an obvious mismatch: the declared purpose (NATO reference data) is not supported by the instructions.
Instruction Scope
SKILL.md contains only a short template-like guide and trigger lines (when to read). It does not instruct the agent to call APIs, read files, or access credentials, so there is no immediate data-exfiltration instruction. However the instructions are vague and appear generic/placeholder, so the skill will not reliably produce the promised NATO content and may be the result of an incorrect or incomplete SKILL.md.
Install Mechanism
No install spec and no code files (instruction-only). This is low-risk from an installation/execution perspective because nothing is downloaded or written to disk by the skill itself.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The lack of requested secrets is proportionate to an information-only skill (and removes a major risk vector).
Persistence & Privilege
always is false and the skill is user-invocable only. It does not request persistent privileges or to modify other skills. This is appropriate and not a red flag.
What to consider before installing
This skill appears misconfigured: its description promises a NATO information assistant but the runtime instructions are a generic 'brand' template and won't return the described content. There's no evidence of malicious behavior (no installs, no credentials requested), but it also won't be useful as-is. Before installing or using it, ask the publisher for the correct SKILL.md or provenance: where does it source NATO data (official NATO sites, databases, or APIs)? If you need reliable NATO information, prefer skills or tools that cite official sources. If you rely on this for important tasks, do not trust outputs until the skill is fixed. If the author cannot justify the mismatch, avoid enabling it.

Like a lobster shell, security has layers — review code before you run it.

latestvk9780q7tx6c3j60wyb2ydhtkr184xg8t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments