Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Init Manager
v1.0.1
Manage tasks in Init Manager — pick up ready tasks, update status, comment, and close out. Use when assigned tasks via webhook or cron, or when interacting w...
⭐ 0 · 521 · 0 current · 0 all-time
by Tomislav Petrovic @tomislavpet
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes a legitimate Init Manager integration (listing endpoints and workflows) and those capabilities match the skill name/description. However, the registry declares no required environment variables or credentials while the SKILL.md clearly expects an Init Manager URL, an API key (Bearer initm_...), and a user UUID. That mismatch between declared requirements and actual instructions is an inconsistency.
Instruction Scope
Runtime instructions direct the agent to periodically fetch three external 'AI guide' endpoints (global, per-user, per-project) and to 'follow the combined instructions' with precedence rules. This gives the remote service the ability to influence or dictate agent behavior at runtime. The SKILL.md also references environment variables ($KEY, $URL) and instructs reading full task descriptions and comments. Fetching and obeying remote guides is a material behavior that increases risk if the remote host is untrusted.
Install Mechanism
There is no install spec and no code files beyond the SKILL.md and version.txt, so nothing is downloaded or written to disk by the skill itself. Instruction-only skills have lower install risk.
Credentials
Although the registry lists no required env vars, the SKILL.md requires an API key (Bearer token starting with 'initm_'), an Init Manager URL, and a User ID. Requiring a bearer API key is proportionate for a task-management integration, but the fact that these credentials are not declared in the metadata is an omission. Also, because the skill will fetch and follow remote AI guides, providing credentials could enable the remote service to request privileged actions — limit credentials to the minimum necessary.
Persistence & Privilege
always:false (no forced installation) and model invocation is allowed (default). The SKILL.md's 'fetch on first boot and periodically' guidance implies recurring remote calls if the agent is active, which combined with autonomous invocation increases the blast radius of the remote 'AI guides' control model. This is not intrinsically malicious but worth considering.
What to consider before installing
Before installing, verify and be comfortable with these points:
(1) The SKILL.md requires an Init Manager URL, an API key (initm_...), and your user UUID, but those are not declared in the registry — expect to provide them in your environment or TOOLS.md.
(2) The skill tells the agent to fetch and obey remote 'AI guide' documents (global, per-user, per-project). Those guides can contain arbitrary instructions that the agent is expected to follow — only use the skill with a trusted Init Manager instance and least-privilege credentials.
(3) Because this is instruction-only, review the actual aiGuide contents on your Init Manager instance (what they can instruct) and consider testing with a limited-scope API key or in a sandboxed environment with restricted network egress.
(4) If you need higher assurance, ask the publisher to: (a) declare required env vars in the registry, (b) document exactly what fields the aiGuide may contain and any safety constraints, or (c) provide a version of the skill that validates/limits remote guide commands before execution.
