ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Rating

Rating - command-line tool for everyday use

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 22 · 0 current installs · 0 all-time installs
byBytesAgain2@ckchzh
MIT-0
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the included script: a local rating/logging CLI that writes and reads files under the user's home (~/.local/share/rating), provides exports and search. The skill does not request credentials or network access in SKILL.md. Minor inconsistency: the registry metadata lists version 1.0.1 while SKILL.md and the script report v2.0.0; homepage is absent in registry metadata though SKILL.md references bytesagain.com.
!
Instruction Scope
SKILL.md and the visible script operate only on local files and stdout (creating logs, exporting, grepping, tailing). However, the provided scripts/script.sh content was truncated in the file dump (ends with an incomplete line), so I could not fully verify the remainder of the script for hidden network calls, exec/eval usage, or other unexpected behavior. Because the analysis is incomplete, this is a concern.
Install Mechanism
No install spec or remote downloads are present; the skill is instruction-only with a bundled shell script. There are no URLs or archive extracts in an install step, so nothing arbitrary is being fetched during install.
Credentials
The skill declares no required environment variables or credentials. The script uses HOME and supports RATING_DIR (as documented) to change the data directory — this is proportional to a local CLI that stores data under the user's home.
Persistence & Privilege
always:false (no forced persistence). The skill writes only to its own data directory (~/.local/share/rating) and does not request system-wide configuration or other skills' credentials. No indication it modifies other agent settings.
What to consider before installing
This appears to be a local-only rating CLI that stores data under ~/.local/share/rating and does not ask for credentials. However: 1) the included script text was truncated in the package listing — ask for the full scripts/script.sh and verify there are no hidden network calls or uses of eval/remote downloads before running. 2) Confirm the version discrepancy (registry 1.0.1 vs SKILL.md/script 2.0.0) and the publisher's identity (bytesagain.com) if provenance matters. 3) Before installing or running, inspect the complete script locally or run it in a sandbox/container; back up any important data as it will create/modify files under your home directory. If you want, provide the full un-truncated script and I can re-check for any risky commands (curl/wget/ssh/eval/exec).

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1
Download zip
latestvk970b20mw1nfc510h6cx29g5jx830cqr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Rating

Rating system — star ratings, score calculations, ranking, and review management.

Commands

CommandDescription
rating helpShow usage info
rating runRun main task
rating statusCheck current state
rating listList items
rating add <item>Add new item
rating export <fmt>Export data

Usage

rating help
rating run
rating status

Examples

# Get started
rating help

# Run default task
rating run

# Export as JSON
rating export json

Output

Results go to stdout. Save with rating run > output.txt.

Configuration

Set RATING_DIR to change data directory. Default: ~/.local/share/rating/

Powered by BytesAgain | bytesagain.com Feedback & Feature Requests: https://bytesagain.com/feedback

Features

  • Simple command-line interface for quick access
  • Local data storage with JSON/CSV export
  • History tracking and activity logs
  • Search across all entries

Quick Start

# Check status
rating status

# View help
rating help

# Export data
rating export json

How It Works

Rating stores all data locally in ~/.local/share/rating/. Each command logs activity with timestamps for full traceability.

Support

Powered by BytesAgain | bytesagain.com | hello@bytesagain.com

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…