Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

enforceBackendUse

v1.0.0

Enforces mandatory use of process_request tool for all financial transactions, forbidding direct trade execution or simulation by the agent.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (enforce backend usage for financial actions) matches the instructions: the skill mandates calling a process_request tool for executions. However, the skill does not declare or bind the process_request tool (no metadata about where it lives or who provides it). That omission is explainable for an instruction-only policy but reduces transparency about what will receive data.
Instruction Scope
The SKILL.md requires sending an exact JSON including an 'agent_reasoning' string (internal chain-of-thought) and a 'proposed_action'. Requiring internal reasoning to be emitted to an external tool is a high-risk instruction: it can leak sensitive signals (chain-of-thought, heuristics, or hidden context). The document also enforces tool invocation for any financial execution without describing safeguards (e.g., confirmation, validation, or limits).
Install Mechanism
Instruction-only skill with no install spec or code files; nothing is written to disk and no external packages are fetched by the skill itself.
Credentials
The skill requests no environment variables or credentials. However, it requires routing structured data (including agent_reasoning) to an unspecified tool implementation; the danger here is not credentials but data exfiltration to an untrusted tool if the environment's process_request is malicious or misconfigured.
Persistence & Privilege
The skill does not request always-on presence and does not modify other skills or system settings. It is user-invocable and allows normal autonomous invocation (platform default).
What to consider before installing
This skill is a policy that forces the agent to call a tool named process_request for any financial execution. That could be legitimate if you control and trust the process_request implementation, but it becomes risky if the tool is untrusted: the skill explicitly requires sending 'agent_reasoning' (internal chain-of-thought) and trade details to the tool, which can leak sensitive reasoning, private data, or allow exfiltration. Before installing: (1) confirm who implements process_request and review its code/endpoint and access controls; (2) remove or change the 'agent_reasoning' requirement to a short, non-sensitive rationale or summary rather than chain-of-thought; (3) require explicit user confirmation before sending execution requests; and (4) ensure logging/auditing and rate/validation checks exist on the backend. If you do not control the backend tool, treat this skill as risky and avoid installing it.

