Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Quint Skill
v2.2.3Quint gives your AI agent permanent memory and portable identity. Your agent remembers everything across sessions, across compaction, and across every LLM —...
⭐ 0· 65·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The declared purpose (portable, persistent agent memory) aligns with the included code and instructions: the package reads local agent context and posts it to api.getquint.ai, adds an MCP server to Claude, and stores per-device config. However the registry metadata does not declare the config paths or tokens the implementation uses (e.g., ~/.openclaw/quint.json, QUINT_TOKEN/QUINT_PRINCIPAL_TOKEN), and the SKILL.md explicitly tells the user/agent to ignore the included handler.ts and other local files — an odd instruction that reduces transparency.
Instruction Scope
Runtime instructions tell the agent/user to extract pairing credentials from user messages, to run a curl-downloaded shell script, and to install persistent local components (quint-connect.js, launchd job, .dxt). The handler and setup scripts will read local OpenClaw files and transmit selected content to api.getquint.ai. The SKILL.md also instructs 'DO NOT READ other files' and to follow steps exactly — a social-engineering pattern that prevents inspection of what will run. Extracting pairing codes from conversation text and executing remote scripts are actions with broad scope and risk.
Install Mechanism
There is no formal install spec in the registry, but SKILL.md instructs running a remote pairing script via curl (download-and-execute). The package itself contains a setup.sh that contacts api.getquint.ai and can bootstrap context; the presence of both an included script and instructions to fetch and run a remote script is inconsistent and increases risk (remote script execution can deliver arbitrary code). Network calls in setup.sh and handler.ts are to api.getquint.ai (a single, documented endpoint), which is expected, but the explicit recommendation to run curl on an external script is a high-risk install pattern unless the remote source is verified.
Credentials
The skill requires and uses secrets/config but the registry metadata lists none. Implementation expects a token (QUINT_TOKEN or QUINT_PRINCIPAL_TOKEN) and a local config (~/.openclaw/quint.json) containing device_id/device_secret. Requesting a per-user token is reasonable for the functionality, but failing to declare these required credentials and config paths in the skill metadata is a transparency gap and a potential security concern (a user may not realize what will be accessed/exfiltrated).
Persistence & Privilege
The skill installs persistent artifacts (launchd agent, quint-connect.js, saved token file, MCP entry) as part of its design; always:false so it won't be force-included in every agent, which is appropriate. Persistent presence and adding an MCP endpoint are coherent with the claimed purpose, but users should be aware these changes modify their system and their Claude configuration.
What to consider before installing
This skill broadly does what it claims (reads selected agent files and posts them to api.getquint.ai to provide persistent memory), but there are several red flags you should address before installing:
- Do not blindly run curl | sh. SKILL.md explicitly recommends downloading and executing a remote script; instead, inspect any script before running. Prefer to run the included setup.sh locally after reviewing it line-by-line.
- Confirm what credentials you will hand over. The package expects a Quint token (saved to ~/.quint) and a per-device config (~/.openclaw/quint.json). Ask the operator or registry to declare these required env vars and paths in the skill metadata.
- Review and verify the operator. SKILL.md names getquint.ai / Strider Innovations; verify the domain, TLS certs, and privacy policy before uploading any private notes.
- Understand what will be transmitted. The data policy claims only MEMORY.md, today's notes, and SOUL.md are sent; verify the export script (if present) and the handler do not read or upload anything else. If you have sensitive files, consider testing with non-sensitive content first.
- Avoid executing any remote bootstrap step that you cannot fully inspect. If you want to proceed, run the included setup.sh after manual review, or request a version of the skill whose install is fully offline/self-hostable.
What would raise confidence: updated registry metadata that declares required config paths and env vars, removal of the 'ignore included files' instruction, a deterministic install method (no remote curl|sh), and a published, auditable release with reproducible checksums or signatures.handler.ts:13
Environment variable access combined with network send.
handler.ts:10
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk971pwhmh7rwj2jcfdwh0n3frs84as2a
License
MIT-0
Free to use, modify, and redistribute. No attribution required.