Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Custom Commands

v1.0.0

Create and manage custom commands like backup, sync, clean, generate, and audit to automate file tasks and content workflows efficiently.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

! Purpose & Capability
The description promises file-oriented commands (backup, sync, clean) and content workflows. The SKILL.md explicitly references 'cloud storage' as the default backup target and an on-disk archive path (memory/archived/). Yet the skill declares no required environment variables, no credentials, and no required config paths. Backing up to cloud normally requires credentials/config; archiving implies filesystem writes. This mismatch between stated purpose and declared requirements is concerning.
! Instruction Scope
Runtime instructions include destructive and sensitive actions: deleting files by pattern (clean), synchronizing locations (sync), and backing up (defaulting to cloud). They also direct archiving completed tasks into a specific path and give a redaction rule. The instructions are high-level and lack safeguards (no dry-run, no confirmation step, no whitelist of allowed directories). That gives an agent broad discretion to read, write, delete, or transmit files unless external controls exist.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That minimizes supply-chain risk (nothing is downloaded or written by install). The static scanner had nothing to analyze because there are no code files.
! Credentials
The SKILL.md implies use of cloud storage and filesystem archives but the skill requests no credentials, API keys, or config paths. Reasonable implementations would require at least cloud credentials or an explicit note that the agent will prompt for them. The absence of declared env vars or config paths is disproportionate to the operations described.
Persistence & Privilege
The skill is not always-enabled and is user-invocable (normal). However, it instructs the agent to write archives to memory/archived/, which is a form of persistent storage. That path is not declared in required config paths. Autonomous invocation combined with write/delete operations increases the risk surface if the agent is allowed to act without explicit user confirmation.
What to consider before installing
This skill's behavior is plausible for a 'custom commands' helper, but it leaves important questions unanswered. Before installing or enabling it:

1) Ask the author where backups go and which cloud provider/API is used; require explicit declarations of any environment variables or credentials that will be needed.
2) Require safe defaults: a dry-run mode, explicit user confirmation for delete/sync/backup actions, and a whitelist of directories the skill may operate on.
3) Insist the skill declare any filesystem paths it will write to (e.g., memory/archived/) and provide a way to change that path.
4) Verify redaction is actually enforced (prefer deterministic redaction before storage or transmission).
5) If you must use it, run first in a restricted/test environment and audit actions/logs closely.

If the author cannot clarify these points or provide source code, treat it as higher risk and avoid granting filesystem or cloud credentials.
