Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Shows
v1.0.0Track movies and series with progress, watchlist, ratings, and proactive alerts for new releases and platform changes.
⭐ 2· 696·0 current·0 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (track shows, watchlist, ratings, alerts) align with the instructions: all behavior is about logging items, reading/writing simple markdown lists, suggesting items, and alerting on events. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
Runtime instructions are explicit and limited to managing local files (~/shows/*.md), reading user history lists to generate recommendations, and checking/alerting about releases/platform changes. They do imply looking up ratings/availability on public web sources (e.g., JustWatch) but do not instruct reading unrelated system files or secrets.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or written to disk by an installer beyond the agent following the SKILL.md guidance to create files in the user's home directory.
Credentials
The skill asks to store and read potentially sensitive personal data (family member names, viewing history, reactions) in plain markdown under ~/shows/. While this is proportional to its purpose, the skill does not specify encryption, access controls, or retention policies — users should be aware these files will exist in their home directory in readable form.
Persistence & Privilege
always is false and no install actions or config changes are declared. The skill does not request system-wide privileges or modify other skills. Autonomous invocation is allowed by default but not unusual; nothing here elevates privilege beyond normal.
Assessment
This skill looks coherent for tracking shows, but note it will create and read plain-text files in ~/shows/ that may contain personal data (family names, viewing habits, kid reactions). Before installing: confirm you’re comfortable with local files being created in your home directory, consider using a dedicated folder with restricted permissions, and if you need stronger privacy use encryption or avoid storing sensitive child/family details. Also be aware proactive alerts (new seasons, platform changes) imply the agent will perform web lookups — ensure you’re okay with the agent making network queries to fetch that information.Like a lobster shell, security has layers — review code before you run it.
latestvk971x167aqg6kva5c4keh1pcb58116we
License
MIT-0
Free to use, modify, and redistribute. No attribution required.