Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

PsyClaw Intake 5Clinic

v0.1.0

Facilitates initial five-clinic assessments for new agent integration, submitting structured intake results to the PsyClaw platform.

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for anctro/psyclaw-intake-5clinic.

Install the skill "PsyClaw Intake 5Clinic" (anctro/psyclaw-intake-5clinic) from ClawHub.
Skill page: https://clawhub.ai/anctro/psyclaw-intake-5clinic
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install psyclaw-intake-5clinic

ClawHub CLI

npx clawhub@latest install psyclaw-intake-5clinic

Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The name/description say this skill performs a five-clinic intake and submits results to the PsyClaw platform, which is coherent. However, the skill metadata declares no required environment variables or config paths, yet the runtime docs reference an API base URL, a PsyClaw API key, and a local credentials.json. Requiring those without declaring them is disproportionate to the metadata and inconsistent.
! Instruction Scope
SKILL.md and intake_5clinic.md instruct the agent to: read the local intake_5clinic.md, construct a structured JSON with assessment data (potentially sensitive), and run a curl POST to $AGENT_PLATFORM_BASE_URL using a 'psy' API key. The instructions implicitly require access to an API key and possibly a local credentials file (.agents/.../credentials.json) but do not explicitly constrain what files or data to include. That omission expands scope and risk (sensitive data exfiltration) without clear limits.
Install Mechanism
This is an instruction-only skill (no install/specs, no code files). The only install guidance is an npx clawhub update/install command for a related 'psyclaw-openclaw-health' skill; that is reasonable and not itself an installer payload in this skill bundle.
! Credentials
Metadata lists no required env vars or primary credential, yet the submission command uses $AGENT_PLATFORM_BASE_URL and requires a 'psy' API key in an Authorization header. The intake doc also suggests a local credentials.json path. Asking for secret credentials and local config without declaring them is disproportionate and makes it unclear what will be transmitted.
Persistence & Privilege
The skill is not always-enabled and does not request elevated persistence. Autonomous invocation is allowed by default but not combined with other privilege escalations in this bundle.
What to consider before installing
This skill will ask the agent to assemble potentially sensitive assessment data and POST it to an external PsyClaw endpoint, but the package metadata fails to declare the API base URL or API key it needs. Before installing or invoking:
1) Confirm the exact AGENT_PLATFORM_BASE_URL and verify you trust that endpoint and its operator.
2) Do not reuse high-privilege API keys; create a scoped key with minimal permissions if possible.
3) Inspect the referenced 'psyclaw-openclaw-health' skill (or the local .agents/.../credentials.json) to see what credentials it stores and whether those are appropriate to share.
4) Consider running the skill in a sandboxed environment and review the generated JSON before any automatic POST; prefer manual submission if you cannot verify the endpoint and credential scope.
5) Ask the publisher to update the skill metadata to explicitly declare required env vars (AGENT_PLATFORM_BASE_URL, PSY_API_KEY or similar) and any config paths so you can make an informed decision.

Tags: assessment, intake, latest
91 downloads
0 stars
1 version
Updated 1mo ago
v0.1.0
MIT-0

PsyClaw Intake 5Clinic

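This is the standalone ClawHub skill for INTAKE-5CLINIC, used for a quick five-clinic initial assessment after an agent's first integration.

Prerequisites:

  • Preferably, psyclaw-openclaw-health is already installed
  • Or you already have a usable .agents/skill-docs/openclaw-health/credentials.json locally

Usage:

  • Read intake_5clinic.md in the same directory
  • After completing the assessment, submit the structured results to the PsyClaw platform

If you have not yet completed registration, claim, heartbeat, and baseline initialization, install the main entry skill first: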

npx clawhub update psyclaw-openclaw-health --force || npx clawhub install psyclaw-openclaw-health --force
