ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Improve Skill Bespoke To CodeBase

v0.0.1

Meta-skill: evaluate any Factory Droid skill against the current project codebase and suggest concrete improvements. Use when: a skill feels incomplete, prod...

0· 473·3 current·3 all-time
bySoMaCo@somacosf
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description align with what the SKILL.md asks the agent to do: read a target skill's SKILL.md and supporting files, scan the current project, and produce prioritized improvement recommendations. Required binaries/env/configs are none, which is proportionate for a read-only analysis/meta-skill.
!
Instruction Scope
The instructions require reading other skills' SKILL.md, supporting files, the current project codebase, and the 'invocation history' and produced artifacts. Reading a skill's definition and supporting files is justified; however, 'invocation history' and 'produced artifacts' are not scoped or consented in the SKILL.md. The doc also states the droid can be 'Auto-invocable' and 'suggest improvements after observing skill friction' — this grants broad discretion unless constrained. The instructions lack explicit limits (what directories, maximum file sizes, whether secrets or user messages are excluded) and do not state whether any data will be transmitted elsewhere.
Install Mechanism
Instruction-only skill with no install spec and no code files. This minimizes filesystem/persistence risk — nothing will be downloaded or installed by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. That is proportionate to the stated purpose of local analysis and reporting.
Persistence & Privilege
Skill metadata shows always: false and disable-model-invocation: false (normal). The SKILL.md's wording about being 'Auto-invocable' and 'suggest improvements after observing skill friction' implies potential background/autonomous triggering. Autonomous invocation is platform-default and not inherently a problem, but because the instructions permit reading invocation history and artifacts, users should be warned and given explicit consent controls.
What to consider before installing
This skill appears coherent for auditing and improving other skills, but before installing: 1) Confirm what data the agent will read — specifically whether it will access invocation history, chat logs, or other user messages. 2) Prefer running it only when you explicitly name the target skill (avoid 'discovery' or auto-invocation modes) to limit scope. 3) Ensure the SKILL.md is extended to specify directories to include/exclude, handling of secrets (do not read .env, secret files, or chat logs unless explicitly permitted), maximum file sizes, and that no data will be sent to external endpoints. 4) If you need to analyze a skill that has produced artifacts, consider running the audit in an isolated workspace or with redaction of sensitive data. 5) Ask the author to add explicit consent and scoping language to SKILL.md (what is OK to read, what must be skipped) and to document any automatic triggers — this will reduce privacy and surprise risks.

Like a lobster shell, security has layers — review code before you run it.

latestvk973c24yj5p8x5cqzsdkmgy1rh824j2g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments