ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Consent

v2.0.1

Build cookie consent banners and track opt-in compliance status. Use when implementing GDPR consent, auditing cookies, generating privacy banners.

0· 233·0 current·0 all-time
by@bytesagain1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with required artifacts and behavior: the skill provides local commands for recording consent, audits, token rotation logs, exporting, and searching. Nothing requested (no env vars, no external binaries) is out of scope for a local consent logger.
Instruction Scope
SKILL.md and the script instruct the agent/user to write and read timestamped plain-text log entries under ~/.local/share/consent. There are no instructions to read unrelated files or call external endpoints, but many commands will record arbitrary input (including credentials or PII) verbatim into logs and history.log.
Install Mechanism
There is no install spec (instruction-only skill) and only a bundled Bash script. No remote downloads or package installs are requested.
Credentials
The skill requires no environment variables, credentials, or config paths beyond creating and using a local data directory — proportional to its stated purpose.
Persistence & Privilege
always is false and the skill does not request elevated or global agent privileges. It writes only to its own data dir (~/.local/share/consent) and does not modify other skills or system-wide agent configs.
Assessment
This skill is internally consistent and appears to be a simple, offline consent/audit logger. Important cautions before installing or using it: - Data is stored as plain text under ~/.local/share/consent (per-command .log files and history.log). Do not store production secrets, unencrypted passwords, or sensitive PII there. - Exports merge all logs into single files (export.*) and will include everything logged — treat those files as sensitive. - Consider hardening: set the data directory to restrictive permissions (chmod 700), run in a limited account or container, and avoid logging raw secrets. If you need secure storage, use an encrypted store or modify the script to encrypt entries at rest (or to not capture secrets). - The script appears to make no network calls, requests no credentials, and contains no obfuscated code, but you should still inspect the bundled script before running and consider running in an isolated environment if you have high-sensitivity data needs.

Like a lobster shell, security has layers — review code before you run it.

latestvk971518fv8evx48fmmvhwqaqw9835xca

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments