ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Oxbridge

v1.0.1

提供牛津剑桥大学历史、学院介绍、学术项目及申请流程,助您了解英国顶尖大学的基本信息和校园生活。

0· 62·1 current·1 all-time
by@hanxueyuan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill metadata and description promise Oxbridge (Oxford/Cambridge) university information, but SKILL.md's modules (e.g., 主营产品/服务, 分支机构, 商业背景调查, 产品咨询) describe a company/industry profile template. Required assets and declared purpose do not align with the instructions provided.
!
Instruction Scope
SKILL.md contains only a short, generic template and read_when triggers; it does not provide guidance on sourcing authoritative university details (no official sites/APIs, no citation rules). The instructions are vague and oriented toward business intel rather than academic/university content, which grants the agent broad discretion and risks producing irrelevant or misleading output.
Install Mechanism
No install spec and no code files — instruction-only skill, so nothing is written to disk or fetched at install time.
Credentials
No required environment variables, credentials, or config paths are requested — the skill does not ask for secrets or unrelated access.
Persistence & Privilege
always is false and there are no special persistence requests. The skill can be invoked by the agent (normal default) but it does not request elevated or permanent presence.
What to consider before installing
This skill is internally inconsistent: the description promises Oxford/Cambridge university information but the provided SKILL.md looks like a generic business profile template. Before installing, ask the publisher (or the registry) to clarify or fix the SKILL.md so it actually outlines how the agent will gather and cite university history, colleges, programs, and application guidance. If you must test it, do so in a non-production environment and verify outputs against authoritative sources (official university websites). Because the skill requests no credentials and has no install step the technical risk is low, but its mismatch means it will likely return irrelevant or misleading information unless corrected.

Like a lobster shell, security has layers — review code before you run it.

latestvk974eyxtqc9regr20t3z4z730d84wz9f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments