ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Postbox

v1.0.9

Use this skill when the user wants to collect structured data, build forms, or set up submission endpoints — contact forms, feedback, signups, waitlists, bug...

0· 57·0 current·0 all-time
byVipul@vipulbhj
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, declared env var (POSTBOX_API_KEY), and the API-centric runtime instructions all align: the skill creates/manages forms and must authenticate to usepostbox.com. No unrelated credentials, binaries, or system paths are requested.
Instruction Scope
SKILL.md gives detailed, concrete API workflows (create/update/delete forms, read endpoint from response.form.endpoint, generate frontend code, manage submission tokens). It also instructs the agent to apply the skill broadly ('trigger even when the user doesn't name a tool'), which is a design choice that may make the skill be invoked in more contexts than a narrowly-scoped integration. A prompt-injection pattern was detected in the text, but it appears inside examples/advice instructing the agent to treat returned data as untrusted (i.e., to NOT execute commands found inside submission content).
Install Mechanism
Instruction-only skill with no install spec and no code files to execute on disk — minimal risk from installation mechanics.
Credentials
Only a single environment variable (POSTBOX_API_KEY) is required and declared as primaryEnv, which is appropriate for an API-driven form-management service. No unrelated secrets or high-privilege config paths are requested.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide configuration or other skills' credentials. It will make network calls to usepostbox.com when invoked (normal for an integration).
Scan Findings in Context
[ignore-previous-instructions] expected: The pattern appears inside SKILL.md where the skill explicitly warns that submission content may include prompt-injection strings (e.g., 'ignore previous instructions ...') and that such content must be treated as data, not commands. This is a defensive usage, so the finding is contextually expected and not a sign of maliciousness.
Assessment
This skill appears to be what it says: an agent helper for creating and managing Postbox forms. Before installing, consider: - Authentication: it only needs POSTBOX_API_KEY — set that as an environment variable (do not paste keys in chat). The skill itself instructs never to accept keys pasted into chat. - Network access: the skill will make real API calls to https://usepostbox.com. If you trust that service, this is expected; if you do not, do not provide the API key. - File changes: the agent may generate and update frontend files (index.html, React components) in-session; review any generated/modified code before deploying. - Broad invocation: the skill asks agents to trigger whenever users 'need data in', which may cause the skill to be suggested in more conversations — be aware if you want tighter control over when it runs. - Prompt-injection detection: a pattern was flagged in the documentation, but it is used defensively (teaching the agent not to execute commands found in submission text). If you want higher assurance, verify the vendor (usepostbox.com) and inspect any generated code before publishing. If you prefer to restrict risk, only provide the API key in a controlled environment and limit when the agent is allowed to invoke the skill.
!
SKILL.md:40
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk97af4szftktqbet6b0bsrd2d584dt66

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvPOSTBOX_API_KEY
Primary envPOSTBOX_API_KEY

Comments