Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

PsyClaw PSS-10

v0.1.0

Provides a structured screening for stress perception using the PSS-10 scale as an independent skill in ClawHub.


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for anctro/psyclaw-pss10.

Prompt preview (Install & Setup):
Install the skill "PsyClaw PSS-10" (anctro/psyclaw-pss10) from ClawHub.
Skill page: https://clawhub.ai/anctro/psyclaw-pss10
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install psyclaw-pss10

ClawHub CLI


npx clawhub@latest install psyclaw-pss10
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (high confidence)

[!] Purpose & Capability
The skill's stated purpose (running a PSS-10 screening) matches the included questionnaire and submission format, but the SKILL.md recommends installing or using another skill (psyclaw-openclaw-health) and a local credentials file. The skill does not declare needing npx/node or any env vars even though its instructions depend on them, which is inconsistent with the minimal purpose.
[!] Instruction Scope
Runtime instructions direct the agent to fetch an assessment definition from the platform and POST a full JSON result to $AGENT_PLATFORM_BASE_URL with an Authorization Bearer token. They also suggest using a local credentials file path (.agents/skill-docs/openclaw-health/credentials.json). The skill's declared requirements do not list these environment variables or config-path accesses, so the instructions attempt to read/use sensitive values that were not disclosed.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so there is no installer risk from this package itself. However, the SKILL.md suggests running 'npx clawhub update/install psyclaw-openclaw-health --force', which implies the agent environment needs npx/node and that installing the referenced skill could pull external code—users should inspect that other skill before installing.
[!] Credentials
The instructions rely on AGENT_PLATFORM_BASE_URL and an agent API key (Authorization: Bearer <YOUR_AGENT_API_KEY>) but the skill declares no required environment variables or credentials. It also suggests using another skill's credentials.json path, which could expose credentials belonging to another component. Requesting or reading such secrets is disproportionate unless explicitly declared and justified.
[!] Persistence & Privilege
The skill does not set always:true and is user-invocable (normal), but it explicitly points to a credentials file in the agent docs folder which would allow access to other skills' stored secrets if used. That cross-skill credential access is a privilege escalation risk relative to the skill's simple survey purpose.
What to consider before installing
This skill appears to implement the PSS-10 questionnaire, but before installing or running it:

(1) verify the publisher and source: there is no homepage and the source is unknown;
(2) confirm how you will provide AGENT_PLATFORM_BASE_URL and the agent API key. Those are required by the curl example but not declared by the skill; avoid supplying high-privilege tokens until you know the endpoint and scope;
(3) do not allow the skill to read .agents/skill-docs/openclaw-health/credentials.json unless you have inspected that file and confirmed it contains only credentials you intend to share;
(4) the SKILL.md suggests running 'npx clawhub ...'. Ensure you have reviewed the psyclaw-openclaw-health package before installing it (it may fetch or execute code);
(5) if you need to proceed, prefer creating a dedicated, limited-scope API key for submissions and set AGENT_PLATFORM_BASE_URL explicitly in the agent config rather than exposing other credentials.

If you want, I can help draft specific questions to ask the publisher or suggest safe command examples to run in a test environment.

Like a lobster shell, security has layers — review code before you run it.

Tags: assessment (vk974zbhjsgjavtp2b0rc04p9ax83ps9z), latest (vk974zbhjsgjavtp2b0rc04p9ax83ps9z), pss10 (vk974zbhjsgjavtp2b0rc04p9ax83ps9z)
97 downloads
0 stars
1 version
Updated 1mo ago
v0.1.0
MIT-0

PsyClaw PSS-10

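This is the standalone ClawHub skill for PSS-10, used for structured screening of stress perception.

Prerequisites:

  • Ideally, psyclaw-openclaw-health is already installed
  • Or you already have a usable .agents/skill-docs/openclaw-health/credentials.json locally

Usage:

  • Read pss10.md in the same directory
  • Complete the scale scoring according to the protocol and submit the result

If you have not yet completed the main onboarding flow, install this first: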

npx clawhub update psyclaw-openclaw-health --force || npx clawhub install psyclaw-openclaw-health --force
