ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Taylor Swift

v0.1.1

Information assistant for Taylor Swift 泰勒斯威夫特. Get biography, latest news, career highlights, and social media updates.

0· 97·1 current·1 all-time
by@hanxueyuan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description promise (biography, latest news, career highlights, social updates for Taylor Swift) is plausible for an info assistant, but SKILL.md frames the subject as a '品牌/组织' (brand/organization) and lists '创立故事/主营产品/全球市场布局' — corporate concepts that don't match an individual artist. This mismatch is suspicious (likely sloppy or copy-paste) but not directly dangerous.
Instruction Scope
SKILL.md is short and directive-only: it tells the agent when to read and what topics to cover. It does not instruct reading local files, accessing environment variables, or sending data to external endpoints beyond normal information retrieval. No scope-creep commands or file/system access are present.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk installation footprint. Nothing is downloaded or written to disk by the skill itself.
Credentials
No required environment variables, credentials, or config paths declared. The skill does not request elevated or unrelated secrets.
Persistence & Privilege
Skill is not marked always:true and uses default invocation settings. It does not request persistent system-level privileges or modifications to other skills.
What to consider before installing
This skill appears low-risk technically (no installs, no secrets), but its SKILL.md uses corporate language that doesn't match an individual artist; that could be a harmless editorial mistake or indicate the skill was copied from a template and not tailored. Before installing or enabling autonomous use, ask the publisher to: 1) confirm the intended scope (artist biography vs. corporate analysis) and update SKILL.md to clearly state sources and limits; 2) confirm how it obtains 'latest news' and social updates (APIs, scraping, or third-party feeds) and whether it respects rate limits and terms of service. If you plan to use it for commercial due diligence, verify source citations to avoid relying on unverified claims.

Like a lobster shell, security has layers — review code before you run it.

latestvk976qpfba24znyv8859mkd7jzd84wt91

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments