Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Trump
v0.1.0Chat with Trump - respond in Trump's voice using his real quotes and speech patterns. Use when user wants to talk to Trump or asks Trump-like questions.
⭐ 0· 32·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's files (quote_db.py, scraper.py, persona prompts) align with the stated goal of producing Trump-like replies from a quotes database. No external credentials or network endpoints are required by the registry metadata. However, SKILL.md sets disable-model-invocation: true while the instructions require the agent to 'formulate a Trump-style response' using persona rules and quotes—this is a functional contradiction: the skill both disables model invocation (preventing the LLM from generating the response) and instructs the agent to create stylized text. That's not coherent with normal platform semantics.
Instruction Scope
Runtime instructions tell the agent to run a Bash / Python snippet that reads the local quote DB (via ${CLAUDE_SKILL_DIR}) and then 'formulate' a response using hard persona rules. The script only reads local data, but the persona enforces aggressive, dismissive language and use of nicknames (e.g., 'Sleepy Joe', 'Crooked Joe') and 'attack critics'. That expands the skill's behavioral scope into targeted political attack/harassment. SKILL.md also references $ARGUMENTS and ${CLAUDE_SKILL_DIR} (platform-provided variables) which are not declared in requires.env but are expected; this is a minor mismatch but typical for platform skills.
Install Mechanism
No install spec is provided; this is instruction+code-only. There is a requirements.txt listing common scraping libs (requests, beautifulsoup4, lxml) but nothing in the registry forces installation. No remote downloads or extract-from-URL operations appear in the package, lowering install risk. The included scraper mentions integration with an external 'Tavily MCP' search in comments, but the shipped scraper uses a hardcoded dataset and does not perform network calls as written.
Credentials
The skill requests no environment variables, credentials, or config paths in metadata. At runtime it expects platform-provided variables (${CLAUDE_SKILL_DIR}, $ARGUMENTS) to locate files and pass topics; that is proportional to its function. It does not request unrelated secrets. The main remaining concern: the scraper and requirements enable web scraping if someone runs it manually, which could cause network access, but the skill as packaged does not declare or require external credentials.
Persistence & Privilege
always is false and the skill is user-invocable only. disable-model-invocation is true in SKILL.md which is atypical for a conversational persona skill and creates operational inconsistency (see purpose_capability). The skill does not request system-wide config changes or other skills' credentials.
What to consider before installing
Key things to consider before installing:
- Functional contradiction: SKILL.md disables model invocation but still instructs the agent to craft stylized replies; ask the author which behavior is intended. If model invocation is actually disabled, the skill can't produce the persona responses the README promises.
- Content behavior: The persona enforces aggressive nicknames, attacks, and explicit rules to 'never apologize' or 'attack critics'. Expect potentially abusive / political persuasion outputs; this may violate platform or legal rules depending on your use case and jurisdiction.
- Local data & scraping: The skill reads/writes a local SQLite DB (data/trump_quotes.db) via tools/quote_db.py and includes a scraper that could be extended to perform web requests. Review the scraper before running and, if you run it, do so in a controlled environment (no credentials, network sandbox) and consider whether you want the DB populated with potentially inflammatory content.
- Minimal secrets risk: The skill does not request any credentials or remote endpoints in the registry metadata, which is good. Still, inspect any manual steps you follow (e.g., pip installing requirements) and avoid running unreviewed networked scripts.
Recommendations: ask the publisher to clarify the disable-model-invocation setting; if you proceed, run the skill in a sandbox, review/modify the persona rules to remove explicit harassment instructions, and review scraper code before using it to fetch external data.Like a lobster shell, security has layers — review code before you run it.
latestvk974c5y53cxz09hwjeet2s61ns849tgv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.