ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Unit Price Database Manager

v2.0.0

Manage construction unit price databases: update prices, track vendors, apply location factors, maintain historical records. Essential for accurate estimating.

0· 1.3k·2 current·2 all-time
by@datadrivenconstruction
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, instructions.md, and the included Python examples all describe unit price CRUD, location adjustments, history tracking, and exports — consistent with a database manager for estimating.
Instruction Scope
Runtime instructions focus on creating/importing entries, lookups, updates, escalation and exports. They do not request arbitrary system data, environment variables, or external endpoints beyond normal import/export behavior.
Install Mechanism
No install spec and no code files to execute — this is an instruction-only skill, so nothing is downloaded or installed by the skill itself.
Credentials
No required environment variables, API keys, or credentials are declared. The skill does declare a 'filesystem' permission in claw.json which matches expected import/export and local DB usage.
Persistence & Privilege
always:false (normal). The skill is user-invocable and can be invoked autonomously (platform default). The declared filesystem permission grants read/write access to local files — appropriate for import/export but worth considering before granting access to sensitive directories.
Scan Findings in Context
[no-regex-findings] expected: The static scanner found no regex-based issues. This is expected for an instruction-only skill with no executable code files to analyze.
Assessment
This skill appears coherent and focused on managing unit-price data. Before installing, note that it declares filesystem permission (needed for importing/exporting local databases) — only grant it access if you trust it to read/write the directories where you store data. There are no network endpoints or credentials requested. If you plan to run the included Python examples locally, review them and any dependencies (pandas, Decimal usage) before execution. If you need stricter limits, avoid giving it access to sensitive folders or run it in an isolated environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk97eq6v97k91v0m3pp7dj4qr2x813997

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments