Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
org-cli
v1.0.0Task capture, scheduling, and linked knowledge in org-mode files via the `org` CLI. Query, mutate, link, and search the user's org files and org-roam database.
⭐ 0· 0·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill claims to manage org-mode files via the 'org' CLI and all code and registered tools call the 'org' binary and operate against workspace, roam directory, and SQLite DB. Requiring the 'org' binary is appropriate for the stated purpose. One minor mismatch: the registry lists ORG_CLI_DIR as required but the code also reads optional env vars ORG_CLI_ROAM_DIR, ORG_CLI_DB, ORG_CLI_BIN, and ORG_CLI_INBOX_FILE (with sensible defaults).
Instruction Scope
Runtime instructions and the plugin implementation only run the 'org' CLI, read/write files under the workspace/roam paths, and interact with the org SQLite DB. The SKILL.md and code consistently instruct the agent to search-before-create and to avoid silent writes. There are no instructions to read unrelated system files, reach external network endpoints, or exfiltrate secrets.
Install Mechanism
No external install spec is executed by the runtime; the bundle includes plugin code and uses the host 'org' binary. SKILL.md contains a human-facing suggestion to download releases from the GitHub repo, but there is no automated download/install step that would fetch arbitrary remote code.
Credentials
The skill does not request secrets and only needs access to the user's org workspace and the 'org' binary. However, the declared required env var is only ORG_CLI_DIR while the code optionally reads ORG_CLI_ROAM_DIR, ORG_CLI_DB, ORG_CLI_BIN, and ORG_CLI_INBOX_FILE (all with defaults). This is likely benign but users should be aware the plugin will read/write the roam directory and DB if those envs are set or defaulted to locations under the home directory.
Persistence & Privilege
always is false and the skill does not request forced/system-wide presence. It registers a before_agent_start hook to prepend instructions (a normal plugin behavior) and exposes tools the agent may call; autonomous invocation is permitted by platform default but not escalated beyond normal plugin capabilities.
Assessment
This skill appears to do what it says: it runs your local 'org' CLI and will read and modify files under the workspace directory (including the roam subdir and its SQLite DB). Before enabling it: (1) verify the 'org' binary you expect is installed and on PATH or set ORG_CLI_BIN to the correct path; (2) set ORG_CLI_DIR (and optionally ORG_CLI_ROAM_DIR / ORG_CLI_DB) to a directory/DB you are comfortable the agent can modify; (3) back up your org files and DB (or test in a copy) — the agent will perform writes; (4) review the GitHub repo/homepage and the included plugin code if you want source-level assurance. The only noteworthy inconsistencies are documentation/manifest differences around optional env vars and a human-facing install suggestion in SKILL.md — these are not malicious but you should confirm paths before use.plugin/lib.ts:179
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk979mpkamqvcab136effc23ap98530cc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🦄 Clawdis
Binsorg
EnvORG_CLI_DIR