ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Her Agent Dashboard

v1.0.0

Her-Agent发展进度看板 - 实时显示自我意识、情感、知识图谱、学习进度、进化状态。打开web dashboard查看详细数据。

0· 86·1 current·1 all-time
by@wenqin1688
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (a local dashboard showing agent state) aligns with included files: a dashboard HTML and a Python updater that reads local workspace files (diary, notes, learnings) to populate the UI. The resources requested by the skill are proportionate to showing a local dashboard.
Instruction Scope
SKILL.md instructs the user to open ~/.openclaw/workspace/her-agent-dashboard/index.html. The runtime script (scripts/update_dashboard.py) reads files under ~/.openclaw/workspace (diary entries, library notes, .learnings/LEARNINGS.md) to generate the HTML. Reading these local user files is expected for a dashboard but is privacy-sensitive—the instructions do not attempt to read unrelated system paths or credentials.
Install Mechanism
No install spec; no packages are downloaded by the skill itself. index.html loads D3 from the public d3js.org CDN (a standard visualization library). No extracted archives or obscure download URLs are present.
Credentials
The skill requires no environment variables, credentials, or declared config paths. The updater directly reads files under the user's home (~/.openclaw/workspace). That file access is proportional to the dashboard purpose but means the skill will process local personal data (diary, notes).
Persistence & Privilege
The skill is not flagged always:true and does not modify other skills or global agent settings. The updater writes/overwrites the local index.html in its own workspace directory (expected behavior for a dashboard generator).
Assessment
This skill appears to do what it says: generate a local dashboard that reads your OpenClaw workspace (diary, learning notes, .learnings). Before installing/using it, review and confirm you are comfortable with the updater reading those directories (~/.openclaw/workspace/diary, ~/.openclaw/workspace/library, ~/.openclaw/workspace/.learnings). The only external resource it references is d3js.org (a public CDN) — if you prefer avoiding remote libraries, you can host D3 locally or remove that script tag. If you have sensitive content in the referenced directories, either move it or inspect the script and run it in a sandbox. If you want higher assurance, run scripts/update_dashboard.py manually and inspect the generated index.html before opening it in a browser.

Like a lobster shell, security has layers — review code before you run it.

latestvk974yedrsmgrv94prw2jb7e7cx83m8w0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments