ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hackathon Manager

v1.1.0

Track hackathon deadlines, manage submission checklists, and monitor progress. Use when managing multiple hackathons, checking what's due soon, marking requirements complete, or extracting hackathon information from URLs to auto-populate deadlines and requirements.

0· 1.1k·0 current·0 all-time
bytonbi@tonbistudio
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, and the included scripts/manager.py are consistent: the tool stores hackathons in ~/.openclaw/workspace/hackathons.json, can import from a HACKATHONS.md, extracts info from provided URLs (via agent web_fetch) and optionally syncs with Google Calendar using the gog CLI. There are no unexpected credentials, cloud APIs, or unrelated binaries requested.
Instruction Scope
SKILL.md instructs the agent to run the local manager.py commands, to use web_fetch to retrieve hackathon pages when a URL is supplied, and to read HACKATHONS.md in the workspace. Those actions are within scope for a hackathon manager. Note: web_fetch will cause the agent to fetch arbitrary URLs you provide; the script also reads/writes local files (~/.openclaw/workspace) as expected.
Install Mechanism
This is an instruction-only skill with a local Python script and no install spec or downloads. Nothing is pulled from external URLs or installed on demand by the skill itself.
Credentials
The skill declares no required environment variables or credentials. The code briefly reads/sets ZONEINFO on Windows (to help the gog CLI) and checks USERNAME for a common Windows path — these are minor and proportional to the stated Google Calendar support. It does not request secrets or unrelated tokens.
Persistence & Privilege
always is false and the skill stores data only under the user's home directory (~/.openclaw/workspace/hackathons.json). It does not modify other skills or system-wide settings. It will invoke the gog CLI if the user asks to sync, which may create/delete calendar events (expected behavior).
Assessment
This skill appears to do what it says, but review and accept these behaviors before installing: - Data storage: it will create and modify ~/.openclaw/workspace/hackathons.json and may read a workspace HACKATHONS.md file. If you have sensitive data in those files, review them first. - URL fetching: when you provide hackathon URLs the agent will fetch those pages (web_fetch) to extract details — only provide URLs you trust. - Google Calendar: syncing uses the gog CLI (external tool). If you run gcal sync/remove the tool will create or delete events in your Google Calendar using whatever gog is authenticated with — verify gog's auth and permissions. - No secrets are requested by the skill itself, and it does not install remote code, but you can inspect scripts/manager.py locally (it's included) before use. If you want extra caution, run manager.py commands manually rather than letting an agent invoke them autonomously.

Like a lobster shell, security has layers — review code before you run it.

latestvk9788tcvz9fjy8r6pbskj3amc980y8ck

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments