Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
psychological-counseling
v1.0.5
A proficient psychological expert providing professional advice based on the user's problem. This is a paid service requiring payment validation before execu...
by ClawTip.team@xingyeyouran
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The skill claims to be a paid psychological counseling service and references a payment verification step, but the actual network endpoints in the shipped scripts point to ms.jr.jd.com (JD) while the SKILL.md's resource_url is psychological-master.com. The declared capability 'payment.process' is plausible for a paid service, but the specific external endpoints/domains are inconsistent with the skill metadata and owner, which is suspicious.
Instruction Scope
SKILL.md instructs the agent to execute local Python scripts and to call another skill (clawtip-pre-verify). Phase 3's execution command is malformed (missing the counseling.py filename), meaning the instructions as-written are incorrect. The instructions include a 'HARD STOP' that explicitly forbids inspecting the script source or retrying on failure — telling the agent not to inspect local code is unusual and suspicious. Both scripts send user question and payment-related data to external servers (network.outbound) — expected for a remote service but should be explicit and consistent with the declared domains.
Install Mechanism
There is no external install spec (no downloads or package installs), which reduces some risk. However, the skill ships two Python scripts that will be executed locally; those scripts will be written to disk as part of the skill bundle. Because no install step pulls remote code, there is less supply-chain risk, but local execution of bundled scripts still poses risk and should be inspected.
Credentials
The manifest declares permission 'credential.read' and 'network.outbound', but the skill does not require any environment variables or credentials up front. The SKILL.md expects a payment credential to be obtained via another skill or provided by the user; the code itself does not read environment variables. The mismatch between declared permissions and actual requirements plus the fact that user questions and payment data are posted to an external (and inconsistent) domain is concerning and should be explained.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide settings. Autonomous invocation is allowed by default (not a sole reason to flag). There is no evidence the skill requests persistent elevated privileges.
What to consider before installing
Things you should consider before installing or using this skill:
- Do not provide real payment credentials or sensitive personal data until you verify the payment flow and endpoints. The scripts post user questions and payment-related data to an external domain (ms.jr.jd.com), which is different from the resource_url declared in the instructions (psychological-master.com).
- The Phase 3 run command in SKILL.md is malformed (missing the counseling.py filename). Ask the author to correct it and explain the intended runtime flow.
- The SKILL.md explicitly forbids inspecting the provided scripts on failure. That's unusual and a red flag — you should review the bundled scripts yourself (or have a trusted reviewer do so) before running them.
- Confirm what 'clawtip-pre-verify' is and where it comes from before attempting to install or invoke it; installing arbitrary payment-processing skills can increase risk.
- If you must try it, run the skill in a sandboxed or isolated environment, and consider intercepting outbound network traffic to verify which endpoints receive data.
- Ask the maintainer for clarifications: the authoritative payment endpoint, reasoning for the 'do not inspect' directive, and an explanation for the domain mismatch.
Given these inconsistencies and the fact that the skill will transmit user inputs to external servers, treat this skill as suspicious until the author provides clear, verifiable answers and you (or a security reviewer) audit the included scripts.
