Ryder-Super-Pack
v1.0.1
Optimized super-skill collection for OpenClaw/Codex, merging Perplexity + Claude Code expertise across 11 domains. Features specialized reference loading (pr...
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (a multi-domain 'super-pack' for OpenClaw) aligns with the content: the SKILL.md and references provide domain-specific workflows that explicitly rely on OpenClaw tools (exec, fs, web_fetch, web_search, subagent spawn, memory). There is no obvious mismatch between claimed purpose and the referenced capabilities.
Instruction Scope
The instructions direct the agent to read/write workspace files, run shell commands (exec), spawn subagents, ingest web content, and interact with outputs/channels (Telegram/Discord/HTTP). Many workflows explicitly reference handling sensitive artifacts (bank statements, DSRs, subpoenas, GL extracts) and using tools like grep, pdftotext, yt-dlp, ffmpeg. Because the skill is instruction-only, these runtime actions will be executed with whatever runtime privileges/connectors the agent has — the SKILL.md gives broad discretion (e.g., 'use exec to deploy to a public URL if configured') which could enable data exfiltration or unintended external posting unless constrained by the runtime.
Install Mechanism
No install spec and no code files — lowest-risk delivery model. Nothing will be written to disk by an installer as part of skill installation itself. The security surface is the runtime instructions rather than any downloaded code.
Credentials
The skill declares no required env vars or credentials, yet many referenced actions assume external APIs or connectors (Stripe, HubSpot, EDGAR, Telegram/Discord, deployment targets). This is not necessarily malicious — it expects the OpenClaw runtime to provide connectors — but it is a gap: the skill does not document which credentials will be required at execution time, which increases risk (unexpected credential use or accidental leakage).
Persistence & Privilege
always:false and no install means the skill does not demand permanent or elevated platform presence. It instructs writing to workspace/memory and spawning subagents, which is normal for an agent-focused skill. Autonomous invocation is permitted by default (disable-model-invocation:false) but that is standard and not in itself a red flag — combine this with the other concerns when deciding.
Scan Findings in Context
[unicode-control-chars] unexpected: Detected unicode control characters in SKILL.md. These patterns are commonly used for prompt-injection or to alter parsing/visibility of content. This is not necessary for a legitimate reference pack and should be inspected/removed before trusting the skill.
What to consider before installing
This pack is broadly coherent with its stated purpose, but it gives the agent authority to read workspace files, run shell commands, spawn subagents, and push data to external channels — including workflows that explicitly handle sensitive items (bank statements, DSRs, subpoenas). Before installing:
1) vet the SKILL.md for hidden/obfuscated characters (the scanner found unicode-control-chars) and remove them;
2) run the skill only in an isolated/test workspace first;
3) ensure runtime connectors (APIs, Telegram/Discord hooks, deployment credentials) use least privilege and are documented — the skill does not declare required env vars;
4) avoid running it against sensitive production data until you trust its behavior;
5) monitor agent activity (exec/fs/web_fetch calls, outgoing network requests) and require human approval for any automatic external posting or transfers.
If you need higher assurance, ask the author/source for provenance and a version that explicitly documents required credentials and exact external endpoints.
Like a lobster shell, security has layers — review code before you run it.
latest
Ryder Super-Pack (汪汪队超级包) - OpenClaw Edition
Greetings, Mayor. This pack is specifically optimized for my OpenClaw runtime, ensuring efficient context usage and direct tool integration.
🧠 OpenClaw-Native Logic
Unlike raw prompt sets, this pack is designed to leverage my native capabilities:
- Progressive Disclosure: Detailed domain knowledge is stored in references/ to keep my main context lean. Read only what's needed for the current mission.
- Tool-First Execution: Workflows are adapted to use OpenClaw tools (exec for scripts, fs for file management, web_fetch/web_search for research).
- Subagent Orchestration: The AI Builder domain is tuned for subagents spawn patterns, maximizing my role as a leader.
📁 Domain References
- AI Agent Builder: references/ai-agent.md - RAG, MCP, subagent coordination.
- Dev & Engineering: references/dev.md - Full-stack, QA, DevOps (using exec/python).
- Marketing: references/marketing.md - SEO, growth, competitive intelligence (using web_search).
- Sales: references/sales.md - Outreach, pipeline management.
- Finance: references/finance.md - Analysis, forecasting.
- Legal: references/legal.md - Compliance, risk assessment.
- Product Management: references/pm.md - PRDs, roadmaps (RICE/MoSCoW).
- Operations & CX: references/operations.md - Triage, escalation.
- Research & Knowledge: references/research.md - Deep research, knowledge graphs.
- Content & Creative: references/content.md - Image/Video/Speech generation logic.
🛠️ Integrated Workflows
- Strategy: Perform a Gap Analysis (What standard AI knows vs. what this pack adds).
- Execution: Deploy subagents for specialized sub-tasks.
- Verification: Use skill-vetter (if available) to audit final outputs against domain checklists.
Optimized by Ryder for the Mayor's OpenClaw environment. 🐕🦺🚀
