Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (currency conversion) align with the included script and SKILL.md. The code calls a public exchange-rate API and performs amount/currency normalization and formatting — all expected for this purpose.
Instruction Scope
SKILL.md instructs the agent to parse user input, normalize currency codes, run the local Python script, and return friendly text. The instructions do not request unrelated files, credentials, or opaque data collection. They explicitly note only network access is needed.
Install Mechanism
No install spec is provided (instruction-only), which keeps risk low. There is a requirements.txt (requests) but no automated installer; the agent environment must have Python and the requests library available. This is an operational note, not a security concern.
Credentials
The skill requires no environment variables, no credentials, and no config paths. The only external access is to a public exchangerate-api.com endpoint for live rates, which is proportionate to the stated function.
Persistence & Privilege
The skill is not always-enabled and does not request persistent or elevated privileges. It does not modify other skills or system settings.
Assessment
This skill appears safe and coherent: it only needs network access to a public exchange-rate API and no secrets. Before installing, ensure your agent environment has Python 3 and the 'requests' package available, and that you are comfortable allowing outbound requests to https://api.exchangerate-api.com (API provider may log requests). If you require a different or authenticated data provider, review/modify the script to use your preferred API and credentials. Note: there is a minor robustness bug (date handling) that may affect the displayed update time but not security.Like a lobster shell, security has layers — review code before you run it.
latestvk97f9dx752nt26j1cep8tykfan81rktm
License
MIT-0
Free to use, modify, and redistribute. No attribution required.