Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
storage-router
v1.0.0Decide where to save any piece of information — monday.com, local file, or MEMORY.md. Use this skill before saving anything to ensure the right destination....
⭐ 0· 12·0 current·0 all-time
byNetanel Abergel@netanel-abergel
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (route content to monday.com, local, or MEMORY.md) matches the SKILL.md guidance. However, the skill repeatedly references monday.com and GitHub (including concrete board/doc IDs and a rule to place certain files in a GitHub repo) but declares no required credentials or environment variables. That omission is an incoherence: to actually save to those services an agent typically needs API tokens/credentials, yet none are declared or documented here.
Instruction Scope
The SKILL.md tells the agent to source a local .context file at an absolute path (/opt/ocana/openclaw/workspace/skills/storage-router/.context). Reading/sourcing a file is legitimate for loading IDs, but it accesses the agent's filesystem and could expose any variables placed there. The doc also directs where to store/never store credentials and even suggests pushing SKILL.md to a public repo — instructions that could lead to accidental exposure of internal rules or IDs. The routing rules are opinionated and prescriptive, which is fine, but they give the agent authority to decide destinations and could cause unintended uploads to external services if credentials are available.
Install Mechanism
This is instruction-only (no install spec, no code files), so nothing is written to disk by the skill itself. That is the lowest-risk install mechanism.
Credentials
The skill expects integration with monday.com and GitHub but lists no required env vars, primary credential, or config paths. Either the skill assumes the agent already has global credentials (not documented), or it will attempt to read them from local files (the .context file). Requiring access to external services without documenting needed tokens is disproportionate and potentially confusing. The guideline to keep credentials local is good, but the skill does not specify how those local secrets should be provided or protected (file permissions, encryption).
Persistence & Privilege
The skill is not marked always:true and is user-invocable; autonomous invocation is allowed (platform default). The SKILL.md expects persistent artifacts (memory, .context, GitHub), but the skill itself does not request elevated platform privileges. This is normal, but combined with the other concerns (filesystem sourcing and undocumented external integrations) it increases the need for auditing the .context file and the agent's global credentials.
What to consider before installing
This skill is mostly coherent with its stated purpose (deciding where to save content) but has several practical and privacy concerns you should review before installing: 1) Check how your agent will authenticate to monday.com and GitHub — the skill does not declare or explain required credentials. 2) Inspect the .context file at /opt/ocana/openclaw/workspace/skills/storage-router/.context (if present) to see what variables/IDs/tokens it contains; do not allow the agent to source it unless you trust its contents and file permissions. 3) The skill recommends storing SKILL.md or other items in a (potentially public) GitHub repo — verify your publishing policy to avoid leaking internal rules or IDs. 4) Consider requiring user confirmation before the agent forwards content to external services (monday.com/GitHub). 5) If you cannot verify the source of the skill or the .context contents, avoid installing or restrict the skill to manual invocation only. If you want higher assurance, ask the publisher to: list required credentials, document precisely what .context fields are expected, and remove recommendations that could publish internal files to public repos.Like a lobster shell, security has layers — review code before you run it.
latestvk9705mf56f7ww3etkdx91gg9s584a9fm
License
MIT-0
Free to use, modify, and redistribute. No attribution required.