Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
sync-trending
v0.1.0Monitior technology trends (GitHub, etc.), contextualize them against the user's project, and autonomously verify them through installation and testing. Use...
⭐ 1· 539·3 current·3 all-time
byK@likw99
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the instructions: fetching trending sources, contextualizing against the user's project, and verifying repos by cloning/running them are coherent with the skill's stated purpose.
Instruction Scope
The SKILL.md directs the agent to read local project files (README.md, package.json) and — with user permission — to git clone, install dependencies, and run third‑party code. While it requires asking permission before cloning/executing, it lacks concrete, safe sandboxing steps (containerization, virtualenv, non-root user), and it explicitly clones into a home subdirectory (~/.gemini/tmp/) rather than an isolated ephemeral environment.
Install Mechanism
Instruction-only skill with no install spec or external downloads; this minimizes install-time risk. The primary risk comes from runtime behavior (cloning and running untrusted code), not from the skill installing software itself.
Credentials
The skill requests no environment variables or credentials, which is appropriate, but it instructs reading local project files and checking 'save_memory' — actions that can expose secrets. The SKILL.md advises not to expose secrets but does not specify how to detect or avoid accidentally reading/transmitting them. Dependency installs (npm/pip) and repository code may trigger arbitrary network activity or postinstall scripts that access local resources.
Persistence & Privilege
always:false and default model invocation are appropriate. The skill does not request permanent presence or modify other skills. The main privilege concern is runtime (ability to clone/run code) rather than persistence.
What to consider before installing
This skill does what it says — it will look at your local project and, if you approve, clone and run third‑party repositories to verify them. That is powerful but risky: cloning and installing dependencies can execute arbitrary code (via postinstall scripts or build steps) and might access or leak data. Before using this skill, consider the following: 1) Only allow deep dives when you trust the repository and explicitly grant permission each time. 2) Prefer the skill be changed to use strong isolation (run clones inside a disposable VM or container, drop privileges, and avoid cloning into your home directory). 3) Require and enforce dependency isolation (Python virtualenv/venv, use npm ci with --ignore-scripts or install in a container) to reduce postinstall risk. 4) Never let it access secrets or environment variables; verify the agent's memory ('save_memory') does not contain sensitive data. 5) If you need stronger guarantees, run manual verifications yourself in an isolated environment or ask the skill author to add explicit sandboxing instructions. Providing the skill with explicit sandbox/container steps or a policy that forbids global installs would reduce my concern.Like a lobster shell, security has layers — review code before you run it.
latestvk970yfg3w1p004sjjbg04f8hdn81wsq4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.