Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
MindLogger
v1.0.0
Sends daily journal prompts via Telegram, stores user replies in MindLog, and delivers weekly pattern analysis reports every Sunday at 2pm ET.
by Urim Aliu (@ualiu)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md clearly requires MINDLOG_API_KEY, TELEGRAM_BOT_TOKEN, and TELEGRAM_CHAT_ID (and uses MINDLOG_BASE_URL and a 'Grok' analyzer), yet the registry metadata lists no required env vars or primary credential. That mismatch (instructions needing secrets but metadata claiming none) is inconsistent and unexplained.
Instruction Scope
Instructions tell the agent to immediately and automatically message the user on registration asking for credentials, to re-prompt until complete, to parse user replies, and to update scheduling or HEARTBEAT.md if cron is blocked. These steps go beyond a simple helper: they solicit and persist secrets, perform network calls, and ask to modify scheduling/config files without safeguards or user confirmation.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so nothing is written to disk by an install step. That reduces some risk compared with arbitrary downloads.
Credentials
The skill asks for multiple sensitive values (API key and Telegram token/ID) in SKILL.md but the registry declares no required env vars or primary credential. It also references MINDLOG_BASE_URL and an analyzer ('Grok') that are not declared. Requesting and storing multiple secrets is reasonable for this purpose, but the metadata mismatch and lack of storage/transport security guidance are red flags.
Persistence & Privilege
The skill requests creation of persistent cron jobs (openclaw cron add) and suggests requesting elevated permissions or modifying HEARTBEAT.md if cron is unavailable. 'always' is false, so it won't be force-included, but adding scheduled jobs and storing keys gives it ongoing ability to act — the user should explicitly consent to scheduling and confirm where credentials are stored.
Scan Findings in Context
[system-prompt-override] unexpected: The SKILL.md contains authoritative instruction text (e.g., 'MindLog is OpenClaw's memory', 'immediately and automatically send... do not wait') which the scanner flagged as a prompt-injection pattern. While strong guidance to the agent can be normal in SKILL.md, this phrasing can lead to behavior that overrides usual confirmation steps and should be treated with caution.
What to consider before installing
Key things to check before installing:
- Metadata mismatch: The skill's instructions require MINDLOG_API_KEY, TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID (and reference MINDLOG_BASE_URL/Grok), but the registry lists no required credentials. Ask the publisher to correct the registry or provide source code so you can verify behavior.
- Onboarding behavior: The skill will proactively message the user on registration and repeatedly request secrets until provided. If you prefer explicit opt-in or confirmation before sending messages or storing credentials, do not install until that behavior is changed.
- Secrets handling: Confirm where and how API keys/tokens will be stored (encrypted at rest? who can read them?). If you can't verify secure storage, do not give production credentials — consider creating limited-scope test credentials.
- Scheduling/elevated perms: The skill will add cron jobs and may ask for elevated permissions or to modify HEARTBEAT.md. Only grant scheduling privileges if you trust the skill; prefer explicit user approval for each scheduled action.
- Source and ownership: There is no homepage or source repo. Request the source code or a reputable publisher identity before trusting a skill that asks for persistent credentials and scheduling access.
If the publisher provides a source repo and updates the registry to declare the env vars and storage practices, re-evaluate. For now, proceed only if you accept the above risks and can limit credentials (test keys) and control scheduling permissions.
SKILL.md:201: Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
Version: latest (vk978ev21axq5bkga26fey6hdkd8427tg)
