Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
omarchy
v0.1.1Omarchy operating guardrails for day-to-day system work: assume the host is Omarchy by default, choose Omarchy-native workflows first, map user intent to the correct omarchy-* wrapper/script family, and avoid generic Linux commands that conflict with Omarchy behavior. Use whenever handling local system tasks on this host unless the user explicitly says it is not Omarchy; prioritize safe Omarchy commands, prevent non-Omarchy shortcuts (e.g., ad-hoc process killing/relaunch patterns), troubleshoot desktop behavior, and validate the right script before execution.
⭐ 0· 789·2 current·2 all-time
byAchal Singhal@achals-iglu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description say this is an Omarchy operating-mode guardrail for local system tasks and the SKILL.md only instructs the agent to prefer and inspect local omarchy-* wrapper scripts. There are no unrelated env vars, binaries, or install steps requested, so the requested capabilities align with the described purpose.
Instruction Scope
The instructions direct the agent to statically inspect and prefer scripts under /home/achals/.local/share/omarchy/bin and to use read-only/status commands before taking impactful actions. This is appropriate for a local guardrail, but the path is hard-coded to a specific home directory ("/home/achals"), which may not match other hosts and could cause the agent to read a user's home files. The SKILL.md explicitly warns not to run scripts until sure, and discourages bulk probing, which reduces risk.
Install Mechanism
No install specification or code is included (instruction-only). That minimizes disk-write/execution risk and is proportional for a guidance/guardrail skill.
Credentials
The skill requests no environment variables, credentials, or config paths. Its instructions only reference a local script directory relevant to the stated purpose, so the level of access requested is proportionate.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system changes or modify other skills. Autonomous invocation is allowed by platform default, but that is not excessive given the skill's benign, local-scope purpose.
Scan Findings in Context
[NO_REGEX_MATCHES] expected: This is an instruction-only skill with no code files, so the static regex scanner had nothing to analyze. That absence of findings is expected and not evidence of safety by itself.
Assessment
This skill appears coherent: it guides the agent to prefer and inspect local omarchy-* wrapper scripts instead of running raw system commands, and it doesn't request credentials or install code. Before installing, confirm that this host actually uses Omarchy and that the hard-coded path (/home/achals/.local/share/omarchy/bin) matches your environment; otherwise the skill may attempt to read a different user's home-path or be ineffective. Also review the actual scripts in the referenced directory (and their header comments) so you trust what the agent may propose running, and be cautious about granting the agent autonomous execution rights if you do not want it to run local scripts without approval.Like a lobster shell, security has layers — review code before you run it.
latestvk97008vctgrvs3d589evre9msh810qke
License
MIT-0
Free to use, modify, and redistribute. No attribution required.