Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Movi Review-First Bundle
v1.0.0Teach an agent to install Movi's local MCP server, stay review-first, and use the safest manifest and batch-analysis tools before deeper mutation.
⭐ 0· 46·0 current·0 all-time
byYifeng[Terry] Yu@xiaojiou176
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description promise (install and run a local Movi MCP server and follow a review-first workflow) matches the included content: SKILL.md, INSTALL.md, demo, configs, and a canonical_repo pointing to a GitHub repo that contains the tooling. The manifests and reference files consistently describe local-first usage and explicitly avoid claiming hosted listings.
Instruction Scope
The runtime instructions direct the operator to clone the referenced GitHub repo and run repo-provided scripts (bash tooling/runtime/bootstrap_env.sh, npm run mcp:tools, etc.). These steps are coherent with installing a local toolchain but do allow arbitrary code execution from the cloned repository; the SKILL.md itself does not attempt to read unrelated system files or exfiltrate data. It also instructs replacing placeholder absolute paths before attaching the MCP server, which is a reasonable safety step but requires operator attention.
Install Mechanism
This is an instruction-only skill (no install spec). The packet instructs the host to git-clone a public repo (canonical_repo: xiaojiou176-open/movi-organizer) and run npm/bash scripts. Downloading and running remote repository code is expected for this purpose but carries the usual risk of executing external code; the package does not itself embed binary downloads from unknown hosts or use obscure URLs.
Credentials
The skill declares no required environment variables or credentials, which aligns with its local-first claim. However, the instructions implicitly require runtime tools (bash and Node/npm) and filesystem access to check out and run the repo; these binaries are not enumerated in the metadata. No unrelated cloud credentials or secrets are requested.
Persistence & Privilege
The skill is not always:true and does not request persistent privileges. It is user-invocable and can be invoked autonomously by the agent (platform default), but nothing in the packet requests elevated system configuration changes or modifies other skills' settings.
Assessment
This skill is internally coherent for installing and using a local Movi MCP review-first workflow, but it instructs you to clone and run code from the repository xiaojiou176-open/movi-organizer. Before you run any bootstrap or npm scripts: (1) inspect the repository contents and the specific scripts referenced (tooling/runtime/bootstrap_env.sh, tooling/gates/verify_repo_final.sh, run_mcp_stdio.sh, package.json scripts) to ensure they do not perform unwanted actions; (2) replace any placeholder absolute paths in the provided config snippets so they do not point to sensitive locations; (3) run the install steps in a sandboxed or least-privileged environment if possible (container/VM); (4) ensure your host has bash and Node/npm installed — add these as explicit prerequisites if you plan to rely on the skill; and (5) if you need higher assurance, request the repository owner provide a reproducible build artifact or a vetted release rather than running master branch scripts directly. Overall: coherent and plausible for its stated purpose but exercise normal caution when cloning and executing third-party repository scripts.Like a lobster shell, security has layers — review code before you run it.
batchvk97d4de0f0m7vd1afppvpwpktd84gfw2latestvk97d4de0f0m7vd1afppvpwpktd84gfw2mcpvk97d4de0f0m7vd1afppvpwpktd84gfw2mediavk97d4de0f0m7vd1afppvpwpktd84gfw2movivk97d4de0f0m7vd1afppvpwpktd84gfw2review-firstvk97d4de0f0m7vd1afppvpwpktd84gfw2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.