Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ceo Notify Agents

v1.0.0

Automation skill for Ceo Notify Agents.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The declared purpose is to notify other agents by writing shared-memory notification files, and the SKILL.md does exactly that. However, the implementation uses hard-coded, user-specific absolute paths (/Users/anran/...) and a fixed binary location for openclaw, which is not coherent for a reusable or general-purpose skill.
[!] Instruction Scope
Runtime instructions run a shell script that creates files under a specific Documents path and appends messages to per-agent logs and an all.log, then calls an absolute openclaw CLI path to index memory. These actions are within the stated notification scope but reference specific filesystem locations and execute a binary at a hard-coded path—both of which expand privilege and risk and are not declared or configurable in the skill.
Install Mechanism
This is an instruction-only skill with no install spec or downloaded code, which minimizes install-time risk. Nothing is written by an installer, but the runtime exec action will write files when invoked.
[!] Credentials
The skill requests no environment variables or credentials, yet it assumes access to /Users/anran/... and to /Users/anran/.npm-global/bin/openclaw. That mismatch (no declared required env/config but reliance on user-specific paths) is disproportionate and brittle; it could fail or inadvertently manipulate files in that user's home if run in a different environment.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. Its main persistent effect is writing notification files and invoking the OpenClaw memory indexer, which is consistent with its function but should be scoped via configuration rather than fixed paths.
What to consider before installing
This skill writes notification files to hard-coded user paths and runs an absolute openclaw CLI binary—things that should be configurable. Before installing: verify the skill's source/author; do not install if you don't trust them. If you want to use it, ask the author to (1) replace hard-coded paths with configurable env vars or relative paths, (2) avoid absolute references to a single user's home and to ~/.npm-global, and (3) document the required runtime binary and permissions. Run the skill in a sandbox or test environment first to confirm it only writes the files you expect. If you cannot get a trustworthy author or safer config, treat this as risky because it can modify files and trigger indexing of agent memory.

Like a lobster shell, security has layers — review code before you run it.
