Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
System Restoration
v1.0.0Restore Advantage HPE operational intelligence systems. Use when systems are down, missing alerts, broken scheduling, or data source issues. Covers LaunchD s...
⭐ 0· 58·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to restore local Advantage HPE operational systems and includes steps to load LaunchD plists, run scripts, and create cron jobs — these actions are consistent with the stated purpose. However, the skill is hard-coded to a single user's home paths (/Users/stephendobbins/...) and assumes access to local integration credentials. The metadata declares no required env vars or config paths even though the instructions explicitly reference local files and tokens, which is an inconsistency.
Instruction Scope
SKILL.md instructs the agent to read and edit files under /Users/stephendobbins (scripts, .openclaw workspace, LaunchAgents), to copy backups, to create/load LaunchD plist files, and to check a local integrations.json that contains a Slack bot token. Those actions are within a restoration workflow but they also involve access to sensitive credentials and making persistent system changes. The instructions do not limit or gate access to those secrets or require explicit consent, and they reference paths that are not declared in the skill metadata.
Install Mechanism
There is no install spec (instruction-only skill), and included Python scripts appear to be local helpers (one writes a plist file, the other provides mock browser data functions). No external downloads or obscure install URLs are used. This is the lower-risk install pattern, but the presence of code files that manipulate system services increases the surface area compared to a pure-text guide.
Credentials
The skill does not declare any required environment variables or config paths, yet SKILL.md and references explicitly point to a local integrations.json (/Users/stephendobbins/.config/ranger/integrations.json) that contains a Slack bot token (example shows xoxb-...). Requesting or reading that file would expose credentials unrelated to the skill metadata. The number and sensitivity of local resources the instructions require (Slack token, user-specific directories, LaunchAgents) are disproportionate to what was declared.
Persistence & Privilege
The skill instructs creation of LaunchD plists and loading them (scripts/create-live-nudges-service.py writes com.ranger.live-nudges.plist). Those actions modify per-user persistent scheduling and are coherent with system restoration duties, but they are privileged operations that should be performed only after explicit local approval. The skill itself is not marked always:true, and it does not request to auto-enable itself — but its instructions enable persistent agents on the host.
What to consider before installing
This skill appears to be a practical restoration playbook for a specific user (stephendobbins) and will instruct reading/writing files and creating LaunchD services on the host. Before installing or running it: 1) Verify you are the intended machine/user — the skill uses hard-coded /Users/stephendobbins paths; running it on another account could fail or access the wrong files. 2) Manually inspect the referenced integrations file (/Users/stephendobbins/.config/ranger/integrations.json) — it contains a Slack bot token; do not allow the skill to read or transmit that token unless you trust the code and environment. 3) Review the included scripts (create-live-nudges-service.py and browser_data_sources.py) to ensure they do only what you expect; consider running them in a sandbox or with safe dry-run flags. 4) Prefer making system changes (launchctl load/unload, creating plists, copying backups) manually or via an audited maintenance process rather than letting an automated skill do them without explicit operator approval. 5) Ask the author to remove hard-coded user paths, declare required config paths/credentials in metadata, and add explicit consent prompts before reading any credential files. If you lack confidence in those changes, classify this skill as untrusted for production use.Like a lobster shell, security has layers — review code before you run it.
latestvk9726gbtayebs4r4aka8jqrcjh83rj53
License
MIT-0
Free to use, modify, and redistribute. No attribution required.