Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Employee Reminder Ops
v1.0.1
Google Sheets-driven employee reminder and special-event reporting workflow for internal operations. Use when setting up or migrating birthday reminders, dai...
by Vĩnh Tâm (@vt-mmm)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw verdict: Suspicious (high confidence)
Purpose & Capability
The skill claims to be a Google Sheets-driven reminder workflow (Plan A), which legitimately needs a Google CLI and chat bot tokens. However, the registry metadata declares no required binaries or environment variables, while the code requires the 'gog' CLI, a Node.js runtime, and multiple environment variables (PLAN_A_SHEET_ID, DISCORD_BOT_TOKEN, GOG_ACCOUNT, etc.). The code also contains hardcoded defaults (spreadsheet ID, Discord channel ID, gog account) that are unexpected in a generic skill package.
Instruction Scope
SKILL.md and the JS implement the intended workflow (read Sheets via gog, build reports, POST to Discord). That scope is coherent. Concerns: the demo script will execute the external 'gog' binary and POST to discord if run with a token; it reads/writes a .state file in the workspace (creates state and lastError). The bundled run-plan-a.sh contains an absolute user-specific path (/Users/vtammm/.openclaw/workspace) which is a leftover dev path and could cause surprising behavior if executed as-is.
Install Mechanism
There is no install spec (instruction-only + code files), which minimizes install-time risk. The runtime relies on external tools (Node.js and the gog CLI) and suggests using ClawHub; these are standard for this kind of skill. No remote download URLs or archive extraction are present. Still, the lack of declared required binaries in metadata is an inconsistency.
Credentials
The package metadata lists no required environment variables, but the code and docs reference many environment variables, including sensitive tokens (DISCORD_BOT_TOKEN, DISCORD_CHANNEL_ID), a GOG account, and local state paths. There are also hardcoded defaults for the spreadsheet ID, Discord channel ID, and GOG_ACCOUNT inside the script; this both contradicts the SKILL.md statement that the spreadsheet ID is 'deployment config' and increases the risk of accidentally using someone else's sheet or channel if the defaults are not overridden.
Persistence & Privilege
The skill does not request elevated platform privileges or always:true. It writes a .state directory and state file under the working directory (by default process.cwd()/.state) to track sent reports and lastError; this is expected for duplicate-prevention but is persistent storage. The run script's hardcoded cd path is an out-of-package absolute path and should be removed/edited before running.
What to consider before installing
This skill appears to implement the claimed Google Sheets → Discord/Telegram reminder workflow, but there are important mismatches you should address before installing or running it:
- Metadata vs reality: The registry metadata lists no required binaries or env vars, but the code requires Node.js and the 'gog' CLI and expects many environment variables (e.g., PLAN_A_SHEET_ID, DISCORD_BOT_TOKEN, GOG_ACCOUNT, PLAN_A_STATE_DIR). Treat those env vars as secrets (especially DISCORD_BOT_TOKEN).
- Hardcoded defaults: The script embeds a default spreadsheet ID, a default Discord channel ID, and a default GOG account. Verify that the default spreadsheet ID belongs to your organization (or override it via the environment variables); otherwise you may be reading from or interacting with an unrelated sheet or channel.
- Absolute path in run-plan-a.sh: The bundled shell helper contains a hardcoded developer path (/Users/vtammm/.openclaw/workspace). Do not run that script as-is; edit it to your environment or run the Node script directly from a controlled location.
- State files: The tool will create and update a .state directory and JSON state file in the working directory; inspect those files and ensure your runtime location is appropriate and not a shared/public repo.
- Safe testing: Before connecting any real bot token, run the preview and json modes (node plan-a-demo.js preview or json) to inspect output. Only run 'send' or 'prod-send' after you have confirmed configuration and used a test Discord/Telegram bot and test channel.
- Secrets handling: Follow the SKILL.md advice: do not commit tokens to Git, use local .env files that are excluded from VCS, and rotate tokens if they are accidentally exposed.
If you need higher confidence, request that the publisher update the registry metadata to declare required binaries/env vars and remove or replace the hardcoded defaults and absolute paths. Review the plan-a-demo.js source yourself (or in an isolated environment) before granting any secrets or scheduling automated runs.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
- scripts/plan-a-demo.js:24: Shell command execution detected (child_process).
- scripts/plan-a-demo.js:8: Environment variable access combined with network send.
- scripts/plan-a-demo.js:34: File read combined with network send (possible exfiltration).
