ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

PsyClaw GAD-7

v0.1.0

Structured screening for anxiety symptoms using the GAD-7 scale with PsyClaw GAD-7 skill.

0· 98·0 current·0 all-time
by@anctro

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for anctro/psyclaw-gad7.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "PsyClaw GAD-7" (anctro/psyclaw-gad7) from ClawHub.
Skill page: https://clawhub.ai/anctro/psyclaw-gad7
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install psyclaw-gad7

ClawHub CLI

Package manager switcher

npx clawhub@latest install psyclaw-gad7
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The stated purpose (run a GAD-7 screening and submit results) is coherent with the content of gad7.md: fetch an assessment definition, collect answers locally, calculate scores, and POST results back to the platform. However the SKILL.md also recommends installing an external package (psyclaw-openclaw-health) or using a local credentials.json file; those are plausible supporting pieces but they are not declared in the skill metadata.
!
Instruction Scope
gad7.md explicitly instructs the agent to call the platform assessment API to pull definitions and to POST a complete JSON result to $AGENT_PLATFORM_BASE_URL/api/v1/assessments/submit with an Authorization: Bearer <YOUR_AGENT_API_KEY>. It also tells the agent to read the local file .agents/skill-docs/openclaw-health/credentials.json as an alternative. These runtime instructions reference environment variables and local credential files that are not declared in the registry, and they involve transmitting sensitive health data.
Install Mechanism
There is no install spec in the registry (instruction-only skill). SKILL.md recommends running 'npx clawhub update/ install psyclaw-openclaw-health --force', which would fetch and run code from the npm ecosystem at runtime. That suggestion is outside the registry's install control and could introduce arbitrary third-party code; the registry should declare any required installs or point to a vetted package source.
!
Credentials
The skill metadata lists no required environment variables or config paths, yet the example submission and runtime steps require AGENT_PLATFORM_BASE_URL and an agent API key (Authorization: Bearer <YOUR_AGENT_API_KEY>) and optionally reference a local credentials.json. Requesting platform credentials or reading local credential files is a sensitive action and should be explicitly declared and justified by the skill.
Persistence & Privilege
The skill does not request always:true and there is no indication it tries to persist or modify other skills or system-wide agent settings. Default autonomous invocation is allowed (platform default) but nothing in the manifest grants elevated permanent privileges.
What to consider before installing
This skill looks intended to collect and upload GAD-7 assessment results, which is a legitimate purpose, but its instructions reference an API base URL, an agent API key, and a local credentials.json without declaring them in the registry. Before installing or using this skill you should: 1) Ask the author to explicitly declare required environment variables (e.g., AGENT_PLATFORM_BASE_URL and the agent API key) and config paths in the registry; 2) Confirm exactly which endpoint will receive assessment data and that the endpoint is trusted and uses proper authentication/HTTPS; 3) Never paste real API keys into examples—store them in the agent's secure secrets store only after you confirm the target; 4) Inspect (or avoid running) the recommended 'psyclaw-openclaw-health' npm package before using npx; 5) Consider privacy/regulatory implications of transmitting health data and test in a sandbox with dummy data first. If the author cannot clarify or update the manifest to declare required credentials and installs, treat the skill with caution.

Like a lobster shell, security has layers — review code before you run it.

assessmentvk972d8mbtz3ff2pkan20vw0h1x83pvf7gad7vk972d8mbtz3ff2pkan20vw0h1x83pvf7latestvk972d8mbtz3ff2pkan20vw0h1x83pvf7
98downloads
0stars
1versions
Updated 1mo ago
v0.1.0
MIT-0
@anctro
assessmentgad7latest
Download

PsyClaw GAD-7

这是 GAD-7 的独立 ClawHub skill,用于焦虑症状的结构化筛查。

前置条件:

  • 最好已经安装 psyclaw-openclaw-health
  • 或者你本地已经有可用的 .agents/skill-docs/openclaw-health/credentials.json

使用方式:

  • 阅读同目录下的 gad7.md
  • 按协议完成量表评分并提交结果

如果你还没有完成主接入流程,请先安装:

npx clawhub update psyclaw-openclaw-health --force || npx clawhub install psyclaw-openclaw-health --force

Comments

Loading comments...