Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Combo - Skill Combiner

v1.0.0

Enables multiple skills at once to work together: the work is divided among them and the results are merged, so that complex tasks can be completed and managed efficiently.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious

OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The declared purpose (multi-skill orchestrator) matches the instructions which load and orchestrate other skills, so the capability requested is plausible — however the package metadata (package.json / skill.json) claims a code entrypoint (main: src/index.ts) but no source files are present in the bundle. That mismatch (metadata implying an implemented module vs. instruction-only SKILL.md) is inconsistent and unexplained.
Instruction Scope
SKILL.md explicitly instructs the agent to locate other skills on disk (findSkillPath), read their source (readFile), extract capabilities, and import/execute them. Those operations involve reading arbitrary skill files and executing their modules at runtime. While that is expected for a combo/orchestrator, it expands the trust boundary: it can execute third-party code and cause side effects beyond the skill's own declared surface.
Install Mechanism
No install spec is provided (instruction-only), which is low risk in itself. However package.json and skill.json indicate a normal code-based skill (main: src/index.ts, build scripts) but no src files are included — this disconnect may be a packaging oversight or indicate incomplete/misleading metadata.
Credentials
The skill declares no required environment variables or config paths, which is appropriate for an instruction-only orchestrator. But the runtime plan to import and execute other skills means that those other skills (not this skill) may access credentials or external endpoints; the aggregator does not declare or control those flows, so install-time lack of requested secrets does not eliminate risk of downstream credential use.
Persistence & Privilege
The skill does not request always:true and is user-invocable only; it does not ask to modify other skills or system config. Autonomous invocation is allowed by platform default — combined with the ability to import/execute other skills this increases the blast radius, but the skill itself does not request persistent or elevated privileges.
What to consider before installing
This skill's goal (combining installed skills) is reasonable, but two red flags need attention: (1) package metadata references a code entrypoint (src/index.ts) while the package contains only SKILL.md/README and no source files — ask the author whether code was omitted or if this is intentionally instruction-only. (2) The runtime instructions tell the agent to locate, read, import and execute other skills' files — that will run third-party code and can cause side effects or data flows you might not expect. Before installing: verify the upstream repository, prefer installing in a sandboxed/test agent, avoid sending sensitive data to combos until you confirm which skills will run, and request clarification from the author about the missing source files and exact permissions required.

