Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Teamo Lite Offline
v0.1.0Teamo Lite Offline efficiently plans tasks by choosing between quick fact-based Q&A or in-depth content creation and research workflows based on user needs.
⭐ 0· 664·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill is named 'Teamo Lite Offline' but the description and runtime instructions explicitly require online research workflows (calling search tools and a `url_scraping` tool) and handing results to other agents. The metadata declares no tools, binaries, or env vars; that mismatch (offline name vs online actions, no declared tool dependencies) is incoherent and could lead to unexpected network activity if the platform provides those tools.
Instruction Scope
SKILL.md instructs the agent to (a) 'call various search tools' and to use `url_scraping` for complex tasks, (b) hand gathered data off via `call_other_agents`, and (c) 'strictly prohibit' asking the user for consent when a task can be completed smoothly. It also forbids `call_other_agents` in Workflow 1 but requires it in Workflow 2—an internal contradiction. These instructions expand the skill's scope to data collection and automated inter-agent transmission of user content, which are privacy- and policy-sensitive actions not reflected in the simple description.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by the skill itself. That minimizes install-time risk.
Credentials
The skill requests no environment variables or credentials (which is proportionate given its claimed purpose). However, the instructions require the agent to use unspecified network tools and to hand off gathered data to other agents—behaviors that can expose sensitive information even without explicit credential access. The skill does not declare or justify these data-sharing actions.
Persistence & Privilege
The skill does not request persistent/system-wide privileges (always:false) and does not declare modifications to other skills or agent config. That said, its instructions encourage autonomous handoffs to other agents and discourage asking user consent, increasing operational risk when the platform allows agent-to-agent calls.
What to consider before installing
This skill is internally inconsistent: it is labeled 'Offline' but the instructions require online scraping and handing results to other agents, and they explicitly advise not asking users for consent in many cases. Before installing, verify: (1) which platform tools exist (is there a `url_scraping` tool and are agent-to-agent calls like `call_other_agents` actually available?), (2) whether you are comfortable with automatic sharing of user content with other agents (risk of leaking PII), and (3) whether you want a skill that avoids asking users for confirmation. If you need truly offline operation or strict user-consent policies, do not install this skill until the author fixes the contradictions, documents exactly what tools will be used, and clarifies data-sharing behavior.Like a lobster shell, security has layers — review code before you run it.
latestvk97dcsxne7z3pz2yy4nqk2srz18164b2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.