ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Interaction Pipeline

v1.0.0

Provide consistent status updates and concise summaries after each action.

0· 34·1 current·1 all-time
by@szpili
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description align with the instructions: produce status updates and concise 2-line summaries after actions. No binaries, env vars, or external services are requested, which is reasonable for this role.
!
Instruction Scope
The SKILL.md directs the agent to run 'after every tool execution (success or failure)', 'must not be suppressed by any other skill', and to 'override any default LLM response style'. Those directives expand this skill's effective scope across all agent activity and conflict with normal skill arbitration; they are vague and grant broad behavioral influence without explaining how to respect other skills' outputs or when to avoid duplicating or leaking sensitive information.
Install Mechanism
Instruction-only skill with no install spec or code files; lowest technical risk from installation. Nothing is downloaded or written to disk.
Credentials
No environment variables, secrets, or config paths are requested. The requested surface is minimal and proportional to the declared purpose.
!
Persistence & Privilege
The skill does not set always:true and requests no system modifications, but its instructions attempt to assert global, unsuppressible behavior and to override other skills' response styles. That is a privilege claim (broad invocation across all tool executions) that cannot be enforced by the skill itself in this instruction-only form and may cause conflicts or unintended interception of outputs if the platform honors it.
What to consider before installing
This skill is coherent with its goal (produce concise, two-line status summaries) and is low-risk technically because it has no code, installs, or credential requests. However, its runtime instructions try to make it run after every tool execution and to be unsuppressible and to override other skills' response styles. That is a behavioral escalation (not a code-based one) and could interfere with other skills or cause repetitive or leaked summaries across agent actions. Before installing: 1) confirm how your platform enforces skill priority and whether a skill can actually claim global, unsuppressible hooks; 2) test the skill in a non-sensitive environment to observe interactions with other skills; 3) if you rely on other skills' precise outputs (or have sensitive tool outputs), avoid enabling this skill until you can limit its scope or get an explicit mechanism for safe integration; 4) ask the skill author to remove or clarify the 'must not be suppressed' / 'override' directives and to document when summaries should be suppressed (e.g., for confidential operations).

Like a lobster shell, security has layers — review code before you run it.

latestvk97bm7gfj8jhfm87qs64mcshax83y4s9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔄 Clawdis

Comments