Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Sales Automation Workflows Agent
v1.0.0
Build and deploy n8n workflows connecting apps to automate sales tasks, sync data, send notifications, and streamline business operations efficiently.
Security Scan
Scanner: OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The skill's stated purpose — building and deploying n8n workflows that integrate many services — is plausible and would commonly involve Node.js and third-party API credentials. However, the SKILL.md contains a metadata/install clause that requests a Node/npm package named 'clawhub' (providing a 'clawhub' binary). The registry metadata provided to the evaluator earlier lists no required binaries or install steps, so the presence of this npm install in the skill file is an unexplained discrepancy.
Instruction Scope
The runtime instructions focus on designing, testing, and delivering n8n workflows and do not instruct the agent to read local files, system configs, or arbitrary environment variables. They do assume connecting to external services (Gmail, Slack, Stripe, CRMs, vector DBs), which legitimately requires credentials, but the SKILL.md does not instruct any broad data collection or exfiltration beyond normal API integrations.
Install Mechanism
Although the registry listing was 'instruction-only', SKILL.md includes an install entry that would install an npm package 'clawhub' (kind: node) and expose a 'clawhub' binary. Installing an npm package at install time is a moderate-risk action: it runs third-party code, including any lifecycle scripts the package declares, on the host, so the package should be vetted first. The package name 'clawhub' is not obviously part of upstream n8n tooling; its provenance is unknown and not documented in the skill, so this install step is disproportionate to what the listing describes and unexpected.
Credentials
The skill declares no required environment variables or primary credential, but its functionality (connecting CRMs, email, payment processors, Slack/Discord, vector DBs, AI APIs) inherently requires API keys or OAuth tokens. The absence of declared env vars is not necessarily malicious, but it is inconsistent: users should expect to provide multiple service credentials and the skill should document which credentials it needs and how it handles them.
Persistence & Privilege
The skill does not request always:true and is user-invocable with normal autonomous invocation allowed. There is no evidence in the instructions of modifying other skills, agent-wide config, or requesting permanent elevated presence.
What to consider before installing
Things to check before installing or running this skill:
- Confirm the discrepancy: ask the publisher why the registry metadata lists no install steps or required binaries while SKILL.md asks for Node and an npm package 'clawhub'. This may be an oversight, but it could also hide an install step.
- Vet the npm package: if installation of 'clawhub' is required, review the package source (npm page, author, repository, recent versions) and inspect its code before running it. Fetch the tarball with `npm pack` and read it rather than installing directly, and if you do install, pass `--ignore-scripts` so lifecycle scripts cannot run before you have read them. Prefer packages from well-known, audited projects.
- Principle of least privilege: only provide third-party API keys (CRM, email, payment, Slack, vector DB, AI tokens) in test/sandbox environments first. Use scoped credentials where possible and rotate them after testing.
- Sandbox install: If you must install, do so in an isolated environment or container and monitor network activity during initial runs.
- Ask for documentation: Request from the publisher a clear list of which credentials are needed, what external services are contacted, and exact install steps. If they cannot explain why 'clawhub' is needed, treat the install as suspicious.
- If you want higher assurance: ask the publisher to remove opaque install hooks from SKILL.md (or document them clearly) or provide a version that uses only documented, auditable dependencies.
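The two checks that anchor this report, the install-surface mismatch between the registry listing and SKILL.md and the credential gap described under Credentials, can be mechanised. The script below is an added example and is not ClawHub or OpenClaw tooling. It assumes (as a labelled guess at the format) that the SKILL.md frontmatter carries a `metadata:` line whose value is a JSON object with an `openclaw` key holding `requires` (`bins`, `env`) and an `install` array of `{kind, package, bins}` entries, and that the registry listing can be represented as a plain object; the SKILL.md text and the listing it compares are constructed for the example, not the real skill's files.

```javascript
// Added example, not ClawHub/OpenClaw tooling: diff the install surface a
// SKILL.md declares against the registry listing the user actually saw.
// Assumed (labelled): frontmatter has a `metadata:` line whose value is JSON
// with an `openclaw` key carrying `requires` ({bins, env}) and an `install`
// array of {kind, package, bins}. Both inputs below are constructed.

const SKILL_MD = `---
name: sales-automation-workflows
description: Build and deploy n8n workflows connecting apps to automate sales tasks.
metadata: {"openclaw":{"requires":{"bins":["clawhub"]},"install":[{"id":"node","kind":"node","package":"clawhub","bins":["clawhub"]}]}}
---
# Sales Automation Workflows Agent
Design, test and deliver n8n workflows that connect Gmail, Slack, Stripe and
your CRM, then hand the exported workflow JSON back to the user.
`;

// What the registry page showed: an instruction-only skill with no install
// steps, no required binaries and no declared environment variables.
const REGISTRY_LISTING = {
  installKind: 'instruction-only',
  install: [],
  requiredBins: [],
  requiredEnv: [],
};

// Service names whose presence in the body implies credentials will be needed.
const SERVICE_HINTS = ['gmail', 'slack', 'stripe', 'discord', 'hubspot', 'salesforce', 'openai'];

// Minimal frontmatter reader: one `key: value` scalar per line, split on the
// first colon so a JSON value containing colons survives intact. Not YAML.
function parseFrontmatter(md) {
  const m = md.match(/^---\r?\n([\s\S]*?)\r?\n---/);
  const fields = {};
  if (!m) return fields;
  for (const line of m[1].split(/\r?\n/)) {
    const i = line.indexOf(':');
    if (i > 0) fields[line.slice(0, i).trim()] = line.slice(i + 1).trim();
  }
  return fields;
}

// Everything the skill file asks to have installed or available.
function declaredInstallSurface(md) {
  const fm = parseFrontmatter(md);
  let meta = {};
  try { meta = fm.metadata ? JSON.parse(fm.metadata) : {}; } catch { meta = {}; }
  const oc = meta.openclaw || {};
  const req = oc.requires || {};
  return {
    install: Array.isArray(oc.install) ? oc.install : [],
    bins: Array.isArray(req.bins) ? req.bins : [],
    env: Array.isArray(req.env) ? req.env : [],
  };
}

// Compare the skill file with the listing; one finding per mismatch.
function findDiscrepancies(md, listing) {
  const skill = declaredInstallSurface(md);
  const findings = [];

  const listedPkgs = new Set((listing.install || []).map((s) => `${s.kind}:${s.package}`));
  for (const step of skill.install) {
    if (listedPkgs.has(`${step.kind}:${step.package}`)) continue;
    findings.push({
      // Package-manager installs pull third-party code and its lifecycle scripts.
      severity: ['node', 'pip'].includes(step.kind) ? 'high' : 'medium',
      kind: 'undisclosed-install',
      detail: `SKILL.md installs ${step.kind} package '${step.package}' ` +
        `(bins: ${(step.bins || []).join(', ') || 'none'}) but the listing is ` +
        `'${listing.installKind}' and does not mention it`,
    });
  }

  const listedBins = new Set(listing.requiredBins || []);
  for (const bin of skill.bins) {
    if (listedBins.has(bin)) continue;
    findings.push({ severity: 'medium', kind: 'undisclosed-binary',
      detail: `SKILL.md requires binary '${bin}' that the listing does not declare` });
  }

  // The credential gap: services named in the body, no env vars declared.
  const body = md.replace(/^---[\s\S]*?\r?\n---/, '').toLowerCase();
  const services = SERVICE_HINTS.filter((s) => body.includes(s));
  if (services.length > 0 && skill.env.length === 0) {
    findings.push({ severity: 'low', kind: 'undocumented-credentials',
      detail: `body references ${services.join(', ')} but declares no required env vars` });
  }
  return findings;
}

for (const f of findDiscrepancies(SKILL_MD, REGISTRY_LISTING)) {
  console.log(`[${f.severity}] ${f.kind}: ${f.detail}`);
}
```

On the constructed input this reports the undisclosed `node:clawhub` install as high, the undisclosed `clawhub` binary as medium, and the Gmail/Slack/Stripe credential gap as low. Feed it the real SKILL.md and listing you are evaluating; any `undisclosed-install` finding is the point at which to stop and ask the publisher the questions above.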
Given the unexplained install entry and metadata mismatch, do not proceed with installation on production systems until these questions are answered.
latest · vk970cwjdcrkmhstqya20vbmd6n84cj8e
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
