ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Runtime Instructions Control Plane

v0.1.0

Load per-job runtime instructions from Google Sheets, cache them locally, and reconcile cron job enablement flags safely for OpenClaw operations.

0· 49·0 current·0 all-time
byDaniel Sinewe@danielsinewe
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires walletRequires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The scripts do exactly what the name/description claim: fetch instructions from Google Sheets, cache them under the OpenClaw runtime directory, and reconcile cron job enabled flags. Required runtime (node) and the Google Sheets access are proportional to the stated purpose. However, the published registry metadata lists no required environment variables or primary credential while SKILL.md and the scripts clearly require GOOGLE_SHEETS_SPREADSHEET_ID and either service-account credentials or a gcloud token — this mismatch is an inconsistency in the package metadata.
Instruction Scope
SKILL.md and the included scripts are explicit about what they do: call Google Sheets APIs, write JSON/MD cache files, and update a local cron jobs.json (with timestamped backups in apply mode). The loader falls back to cached files when network/auth is unavailable and may shell out to gcloud to obtain an access token. No code attempts to read unrelated system config or post data to unexpected external endpoints beyond Google APIs. Minor scope difference: reconcile-cron requires service-account creds (no gcloud fallback), while load-sheet-instructions supports either — this should be documented clearly to avoid runtime surprises.
Install Mechanism
This is instruction-only with included Node scripts and no install spec. Nothing is automatically downloaded or executed during install; the user must run the scripts with node. That limits supply-chain risk compared with an arbitrary remote install, but users will execute the local scripts, so review before running is recommended.
Credentials
The scripts legitimately require GOOGLE_SHEETS_SPREADSHEET_ID and either GOOGLE_SERVICE_ACCOUNT_EMAIL / GOOGLE_SERVICE_ACCOUNT_PRIVATE_KEY or a gcloud-authenticated token. These environment variables are sensitive (private key) but are proportionate to accessing spreadsheets. The registry metadata's omission of these required env variables and the 'primary credential: none' field is misleading and reduces transparency. Also note the scripts write to and modify the local jobs.json (default ~/.openclaw/cron/jobs.json) — that file access is required for the reconcile task but is a privileged local change you should permit intentionally.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It writes its own cache files and, when run with --apply, modifies the OpenClaw jobs.json (and creates a timestamped backup). This behavior is aligned with the control-plane purpose and does not alter other skills or system-wide agent settings.
What to consider before installing
This package appears to do what it says, but pay attention before you run it: (1) The skill needs GOOGLE_SHEETS_SPREADSHEET_ID and authentication — either a Google service-account private key (GOOGLE_SERVICE_ACCOUNT_PRIVATE_KEY) or an authenticated gcloud CLI for token fallback. The registry metadata does not list these, so don't rely on the registry summary. (2) The reconcile script will modify your local OpenClaw cron jobs JSON (default ~/.openclaw/cron/jobs.json) — test with the dry-run first and keep backups. (3) If you provide a service account key, create a least-privilege account limited to sheets.readonly and restrict where the key is stored. (4) Review the included scripts before running and prefer running load-script in local-only mode for testing. If you need to proceed broadly, ask the publisher to correct the registry metadata to list required env vars and clarify the differing auth requirements between the two scripts.
scripts/load-sheet-instructions.mjs:8
Environment variable access combined with network send.
scripts/reconcile-cron-from-sheet.mjs:6
Environment variable access combined with network send.
!
scripts/load-sheet-instructions.mjs:199
File read combined with network send (possible exfiltration).
!
scripts/reconcile-cron-from-sheet.mjs:107
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

automationvk97cdzhgm5er8b23d8zsgwhzj984dswqcontrol-planevk97cdzhgm5er8b23d8zsgwhzj984dswqcronvk97cdzhgm5er8b23d8zsgwhzj984dswqgoogle-sheetsvk97cdzhgm5er8b23d8zsgwhzj984dswqlatestvk97cdzhgm5er8b23d8zsgwhzj984dswqopenclawvk97cdzhgm5er8b23d8zsgwhzj984dswqopsvk97cdzhgm5er8b23d8zsgwhzj984dswq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧭 Clawdis
Binsnode

Comments