ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Trivia Quiz

v2.0.1

Play knowledge quizzes with facts, categories, and daily challenges. Use when learning topics, drilling flashcards, reviewing answers, tracking progress.

0· 367·2 current·2 all-time
by@bytesagain1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe a local trivia/learning tool and the provided scripts implement that functionality. One inconsistency: SKILL.md lists Bash ≥4 and coreutils but does not mention Python 3, yet scripts/trivia.sh invokes python3. Other than that, required files and behavior (local data storage under TRIVIA_QUIZ_DIR) align with the stated purpose.
Instruction Scope
Runtime instructions and examples map to the shipped scripts. The SKILL.md and scripts only read/write files under the skill data directory (default ~/.local/share/trivia-quiz/), use standard utilities (date, wc), and print content; they do not reference unrelated system paths, credentials, or external endpoints. No network calls or unexpected data transmission are present.
Install Mechanism
No install spec (instruction-only) is present, which keeps the installation surface minimal. Code files are included in the package but there is no download-from-URL or archive extraction step. This is low-risk from an install mechanism perspective.
Credentials
The skill requires no credentials or special environment variables. It optionally respects TRIVIA_QUIZ_DIR and XDG_DATA_HOME/HOME for data location. There are no secret-like environment variables requested, nor access to unrelated configs.
Persistence & Privilege
always is false and the skill does not modify other skills or system-wide settings. It creates and writes to its own data directory (history.log and data.log) in the user's home area, which is expected for an app that stores notes and history.
Assessment
This skill appears to do what it claims: a local trivia/flashcard CLI that writes history and note logs to ~/.local/share/trivia-quiz/ (or $TRIVIA_QUIZ_DIR if you set it). Before installing/running: 1) Note that scripts/trivia.sh calls python3 — ensure you have Python 3 installed (SKILL.md omitted this). 2) If you want privacy, set TRIVIA_QUIZ_DIR to a directory you control and check file permissions: history.log and data.log are plaintext. 3) Review the two scripts (they are short and readable) or run them in a restricted environment if you prefer. 4) No network access or credentials are used by the skill, so there is no hidden exfiltration in the provided code.

Like a lobster shell, security has layers — review code before you run it.

latestvk979vss25zbffap01t0rxedvrs835kcvproductivityvk977cqr16e0qqjby8kqzvje2vd82rhgy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments