Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Skill Forge
v0.3.0: AI skill auto-discovery, evaluation, integration, verification and promotion closed-loop system; a cross-ecosystem skill-marketplace engine
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The SKILL.md describes a complex pipeline (scanning GitHub/HuggingFace/Reddit/X/ProductHunt, cloning repos, running YARA scans, detecting local runtimes, auto-integrating and publishing skills, and auto-posting to X). The skill metadata, however, declares no required binaries, no environment variables, and no install steps. That is internally inconsistent: the pipeline clearly needs tools (pnpm/node/git/YARA), network access, and credentials for publishing (X/Twitter, ClawHub), none of which are declared.
Instruction Scope
The instructions tell an agent to run a multi-stage pipeline (pnpm pipeline) that will read/write /Volumes/data/openclaw/evolution-engine, clone external repositories, run compatibility and security scans, produce skill.json/SKILL.md and auto-publish (clawhub publish, announce to X). This scope includes broad filesystem access, network crawling, code execution, and external publishing — far beyond a simple information-only skill and not limited by metadata or guardrails in the SKILL.md.
Install Mechanism
No install spec (instruction-only), which lowers direct install risk because nothing is automatically written by the registry. However, the runtime assumes pnpm/node, git, YARA and other tooling are present and will execute pipelines that could fetch and run arbitrary code. The lack of declared required binaries is a mismatch (should list pnpm/node/git/YARA at minimum).
Credentials
SKILL.md names dependent skills that require credentials (e.g., x-twitter needs TWITTER_BEARER_TOKEN; social-sentiment needs an Xpoz account) and implies publishing actions (ClawHub, X). Yet the skill metadata lists no required environment variables or primary credential. This discrepancy means the skill will expect secrets/credentials at runtime without declaring them, which is a proportionality and transparency issue.
Persistence & Privilege
The always flag is false (normal) and autonomous invocation is allowed (platform default). Autonomous invocation combined with the pipeline's ability to publish externally (post tweets, publish skills) increases the potential impact if misconfigured, but autonomy alone is not flagged here. There is no evidence that the skill requests permanent system-wide config changes, but it does operate on host filesystem paths and may push content externally.
What to consider before installing
This skill is 'suspicious' because its runtime steps do things (clone repos, run scans, publish to X/ClawHub) that are not reflected in the metadata. Before installing or invoking it:
1) Do not run its pipeline on your primary machine; use an isolated sandbox or VM.
2) Ask the author for a full manifest of required binaries and environment variables (pnpm/node/git/YARA, TWITTER_BEARER_TOKEN, ClawHub credentials, etc.) and why each is needed.
3) Inspect the actual implementation code (the GitHub repo link is provided): review the scripts that the pipeline executes, any auto-publish logic, and what data is uploaded to external services.
4) Limit the credentials you provide to least privilege (e.g., scoped tokens) and prefer time-limited/test accounts.
5) If you must run it, do so with network controls and file-system snapshots so you can undo changes and monitor outbound activity.
6) If the repo or code is not available for review or the author cannot justify the undeclared credentials/tools, avoid granting sensitive tokens or running the pipeline.

Like a lobster shell, security has layers: review code before you run it.
Tags: agent, ai, automation, evolution, latest, sentiment, twitter
