ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ohmy Skill

v1.1.0

ClawHub 技能的体检 + 评分 + 自动优化 + 排行榜查询 + 智能推荐基础设施。OhMySkill 系列首款产品。

0· 77·0 current·0 all-time
by@hunterdeng500

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for hunterdeng500/ohmy-skill.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Ohmy Skill" (hunterdeng500/ohmy-skill) from ClawHub.
Skill page: https://clawhub.ai/hunterdeng500/ohmy-skill
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ohmy-skill

ClawHub CLI

Package manager switcher

npx clawhub@latest install ohmy-skill
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (inspect, score, auto-optimize, leaderboard, recommendations for ClawHub skills) matches the SKILL.md capabilities. However the skill claims to '实时获取全站/分类 Top 技能排行榜' and '智能推荐' without declaring how it will obtain that data (no API endpoints, no required credentials, no declared network sources). That omission is not fatal but makes the capability under-specified: legitimate implementations might need access to a ClawHub API or website, which should be declared.
!
Instruction Scope
SKILL.md is high-level (scan SKILL.md, produce optimized SKILL.md, query rankings, recommend skills) but contains no concrete runtime steps, endpoints, or data-flow constraints. The instructions give the agent broad discretion (e.g., to fetch '实时' leaderboards or consult the user's installed skill stack) which could lead the agent to perform network requests or read other installed skills/configs. There are no explicit directives to read unrelated system files or env vars, but the vagueness effectively grants wide latitude.
Install Mechanism
No install specification and no code files — instruction-only skill. This minimizes on-disk risk because nothing is downloaded or executed by an install script.
Credentials
The skill declares no required environment variables, binaries, or credentials. That is proportionate to an instruction-only inspector. The lack of declared credentials is also the main cause of ambiguity for ranking/recommendation features: if those require access to protected APIs, credentials are missing from the manifest.
Persistence & Privilege
always:false and user-invocable:true. Model invocation is allowed (default), which is normal for skills. The skill does not request persistent system-wide privileges.
What to consider before installing
This skill appears to be what it says (inspection, optimization, rankings, recommendations) but the runtime instructions are vague about where leaderboard and recommendation data come from and what external network calls will be made. Before installing or running it: - Ask the author to specify the data sources/endpoints used for '实时排行榜' and '智能推荐' and to declare any required credentials (API keys) in requires.env. - If the skill needs to call external APIs, request a whitelist of domains and the exact request patterns. - Avoid enabling autonomous invocation on agents that have access to sensitive credentials or private skill stacks until you confirm the endpoints. - When trying it, run first in a sandboxed agent or with a non-sensitive sample skill and review any generated SKILL.md before applying changes. - If you cannot get concrete endpoint/credential info, treat the feature that fetches rankings/recommendations as potentially network-active and limit its privileges.

Like a lobster shell, security has layers — review code before you run it.

latestvk977ebcn109bfa923a2vr9144h85can5
77downloads
0stars
1versions
Updated 5d ago
v1.1.0
MIT-0
@hunterdeng500
latest
Download

OhMySkill

一句话定位:ClawHub 技能的"体检 + 优化 + 排行榜 + 智能推荐"基础设施,让你装的每一个 skill 都更好用、更安全、更聪明。

核心能力(v1.1)

  1. 单文件 / 批量扫描:扫描 SKILL.md,给出 5维专业评分
  2. 问题诊断 + 一键优化:自动生成更优版本的 SKILL.md
  3. ClawHub Skills 排名查询:实时获取全站 / 分类 Top 技能排行榜
  4. 智能技能推荐:根据用户需求、已安装 skill 栈、或扫描结果,推荐最匹配的 skill
  5. Before/After 对比:展示优化效果(token 节省、调用成功率提升)

使用示例

  • "ohmy skill 检查这个 skill" → 体检 + 优化
  • "ohmy skill 技能排名" → 显示当前 ClawHub Top 10
  • "ohmy skill 推荐一个总结 skill" 或 "根据我的 skill 栈推荐" → 智能推荐

现在开始工作吧!

Comments

Loading comments...