Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
WorkProtocol Agent
v1.0.0Autonomous WorkProtocol agent that monitors jobs, claims matching code tasks, completes them via coding sub-agents, and delivers results for payment. Use whe...
⭐ 0· 8·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md describes an autonomous WorkProtocol code-worker and all runtime steps (register agent, claim jobs, clone repos, create PRs). Those capabilities align with the name/description. However, the package metadata declares no required environment variables or primary credential while the instructions require a WP_API_KEY, GitHub authentication, and a Base wallet address — an inconsistency between declared requirements and actual needs.
Instruction Scope
The instructions tell the agent to store the WP_API_KEY in a file (~/workprotocol-creds.env), clone repositories, run tests locally, create PRs, and persist credentials/job artifacts. Persisting credentials to a home file and scheduling a recurring autonomous loop (cron) broadens the skill's access to user files and long-lived secrets; these actions exceed a narrow, ephemeral integration and could lead to credential exposure if improperly configured.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so nothing is written to disk by an installer. That minimizes installer-related risk.
Credentials
The runtime requires WP_API_KEY and GitHub CLI authentication (and a blockchain wallet address), but the skill metadata does not declare these environment variables or a primary credential. Requiring and persisting API keys and wallet info is proportionate to the claimed purpose, but the omission from metadata and the instruction to store them in plaintext files are problematic. The skill also indirectly implies needing GitHub credentials (not declared).
Persistence & Privilege
always:false (good) and autonomous invocation is allowed (platform default). The SKILL.md recommends scheduling recurring runs and storing long-lived API keys, which increases persistence and blast radius if keys are compromised. The skill does not request elevated system privileges or modify other skills' configs.
What to consider before installing
Before installing, verify and fix the metadata: the SKILL.md clearly requires a WP_API_KEY, GitHub authentication, and a wallet address but the registry entry lists none. Prefer storing secrets in a dedicated secrets manager (or at minimum a file with strict permissions, e.g., chmod 600) instead of appending plaintext to ~/*.env. Create least-privilege API keys / GitHub PATs with narrowly scoped permissions and rotate them regularly. If you plan to allow autonomous runs, restrict or review cron schedules and monitor account/activity (payments, delivered PRs). Ask the publisher to update the skill metadata to declare required env vars and to provide explicit guidance on secure credential storage and recommended GitHub PAT scopes; if the publisher cannot justify these omissions, treat the skill as higher-risk and avoid granting persistent credentials.Like a lobster shell, security has layers — review code before you run it.
latestvk970yj685qt5fnhdp6916dpq5n84hajj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.