Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Smart Follow-ups

v2.1.8

Generate contextual follow-up suggestions after AI responses. Shows 3 clickable buttons (Quick, Deep Dive, Related) when user types "/followups".

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill name/description match the handler.js and CLI files: it generates three follow-ups and formats them per channel. Requiring node is appropriate. However, documentation is inconsistent about where API calls happen: the SKILL.md and several docs claim the handler uses OpenClaw-native auth only (no API keys), while other files (CHANGELOG, BUILD_SUMMARY, README, and package metadata) reference direct Anthropic/OpenRouter usage and include a CLI that expects provider API keys. The presence of package.json and a large node_modules bundle (per BUILD_SUMMARY) is disproportionate to a purely handler-only skill and suggests the package contains code that may call external services (legitimate for the CLI, but unclear for the runtime handler).
Instruction Scope
Runtime instructions in SKILL.md confine actions to capturing recent conversation context (1–3 exchanges), generating follow-ups via the platform model/auth, formatting buttons/text, and storing session suggestions to map numeric replies. Those steps are coherent with the stated purpose and do not instruct reading arbitrary filesystem paths or unrelated credentials. The CLI, explicitly documented as standalone, will make external API calls when used.
Install Mechanism
No explicit install spec is provided (instruction-only style), which is low risk. But the package appears to include package.json and a node_modules tree (BUILD_SUMMARY claims ~637 packages), which is unusual for a skills bundle without an install step and increases the on-disk footprint. This is explainable (CLI dependencies included) but should be validated: bundling node_modules may introduce supply-chain/execution surface that the platform would run if node executes any included code.
Credentials
Declared runtime needs no environment variables and only requires Node; that is proportional for a JS handler/CLI. Optional CLI providers (OpenRouter/Anthropic) are documented to require OPENROUTER_API_KEY / ANTHROPIC_API_KEY, which is reasonable for the standalone CLI. The inconsistency across docs about removing provider support from the handler vs. still documenting provider configuration is confusing and should be clarified before trusting the package.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It stores recent suggestions in session context (expected for mapping number replies) and recommends an opt-in auto-trigger feature; nothing claims to modify other skills or system-wide settings.
What to consider before installing
What to check before installing:

- Verify handler.js contents: confirm the handler uses OpenClaw’s agent/model pipeline and does not make direct network calls to external APIs or hard-coded URLs. If handler.js calls an external SDK (Anthropic/OpenRouter) or contains fetch/axios/https calls, treat that as an external-data path requiring API keys and privacy review.
- Inspect package.json and bundled node_modules: confirm which dependencies are present and whether any bring network-capable native modules. A bundled node_modules increases risk if the skill is executed locally.
- Clarify provider behavior: some docs claim the handler uses only OpenClaw-native auth, while other files reference Anthropic/OpenRouter; ask the maintainer which mode the installed handler will run in by default. If the handler can be configured to call external providers, evaluate required env vars and where keys are stored.
- Test in a sandbox: enable the skill in a non-production environment, run verify.sh/test.sh, and observe outbound network connections (domain destinations) while executing the handler path only (not the CLI).
- Review logging config: ensure conversation text is not being persistently logged or sent to third-party analytics by default.
- Keep auto-trigger disabled initially: the skill can be configured to auto-trigger; start with manual /followups to limit unintended data generation and costs.

Why I flagged this as suspicious: the core behavior is reasonable and coherent, but the mixed signals in docs and package artifacts (CLI that needs API keys, references to the Anthropic SDK, and a large node_modules) create ambiguity about whether runtime will ever send context outside OpenClaw. If you can provide handler.js and package.json contents (or confirm the handler makes no external API calls), I can raise confidence to "high" and mark the skill as benign.
Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

- cli/followups-cli.js:92: Environment variable access combined with network send.



Runtime requirements

Bins: node
