Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skincare

v0.1.1

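Provides AI skin-type assessment, curated picks for ingredient-conscious users, explainers on medical aesthetic procedures, and customized personal care plans.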

by ClawKK @codekungfu
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
Name/description promise AI-based skin analysis, ingredient selection and personalized care, but SKILL.md emphasizes shop-finding, real-time queues, navigation and community photos; there is no guidance on performing AI skin measurements, handling user photos, or ingredient databases, so capabilities requested/declared do not match the stated purpose.
! Instruction Scope
Instructions are high-level and open-ended: they ask for real-time queue/appointment data, precise navigation, community images and notes but do not specify data sources, APIs, or limits. That vagueness gives the agent broad discretion (web scraping, contacting external services, or requesting sensitive user data like location/photos) without constraints.
Install Mechanism
Instruction-only skill with no install spec or code files, so nothing will be written to disk by an installer. This is the lowest-risk install mechanism.
! Credentials
The skill declares no required environment variables or credentials, yet promises features (real-time appointments, navigation, community reviews, images) that typically need APIs or service credentials (maps, booking platforms, review sites). The absence of declared credentials is a mismatch and could lead the agent to request user secrets or rely on uncontrolled scraping.
Persistence & Privilege
Skill is not always-on and uses default autonomous invocation. It does not request to modify other skills or system-wide settings; no elevated persistence is declared.
What to consider before installing
This skill's description and instructions don't fully match. Before installing, ask the publisher which data sources and APIs it uses (maps/booking/review services) and whether any API keys or account connections are required. Be cautious about providing location data, photos, or account credentials — prefer skills that declare required env vars and precise data flows. If you test it, do so without sharing real credentials or sensitive photos and ask for a privacy/data-flow explanation. If the author can't clarify why AI skin assessment needs real‑time local booking data, treat it as untrusted.

Like a lobster shell, security has layers — review code before you run it.
