Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Site Mcp Consumer
v1.0.0
Wire one site-scoped read-only MCP sidecar to a local Campus Copilot snapshot.
by Yifeng[Terry] Yu @xiaojiou176
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The described goal (wire a site-scoped read-only MCP sidecar to a local Campus Copilot snapshot) matches the SKILL.md steps. However, the skill does not declare required tooling or env vars even though the instructions expect them (e.g., pnpm and the CAMPUS_COPILOT_SNAPSHOT variable). This is an internal inconsistency rather than a capability mismatch.
Instruction Scope
SKILL.md instructs the agent to set CAMPUS_COPILOT_SNAPSHOT and to run pnpm --filter @campus-copilot/mcp-readonly start:<site>, and it references local example config files and an 'openclaw' config shape. The skill metadata declares no required env vars, binaries, or config paths — so the instructions access resources/config that weren't declared. While the actions described are limited to local snapshot wiring and read-only operations, the mismatch means an operator won't know what preconditions/tools are needed.
Install Mechanism
There is no install spec and no code files; this instruction-only skill does not write to disk or fetch remote code during install, which minimizes install-time risk.
Credentials
No credentials or sensitive env vars are declared. The instructions do ask the user to point CAMPUS_COPILOT_SNAPSHOT at a JSON file (a path-like env var) which is not a secret but was not declared in requires.env. There are no requests for unrelated credentials — proportionality is acceptable but under-documented.
Persistence & Privilege
always is false and the skill is user-invocable with normal autonomous invocation allowed. Nothing in the metadata requests elevated or permanent presence or modifications to other skills.
What to consider before installing
This skill appears to do what it says (wire a local, read-only snapshot sidecar), but the SKILL.md references tools and an environment variable that aren't declared in the metadata. Before installing or using it:
1) verify you have pnpm and the named @campus-copilot sidecar package and binaries available locally;
2) confirm the intent and contents of CAMPUS_COPILOT_SNAPSHOT (it's a path to a JSON snapshot — ensure it contains only non-sensitive test data and not live credentials or tokens);
3) inspect the example config files referenced in the repo to ensure they don't contain secrets or unexpected remote endpoints; and
4) ask the publisher to update the skill manifest to declare required binaries (pnpm or the specific sidecar binaries) and the CAMPUS_COPILOT_SNAPSHOT env var so preconditions are explicit.
These steps reduce operational surprises — the current mismatch is likely sloppy documentation, but it should be fixed before trusting the skill in production.
Like a lobster shell, security has layers — review code before you run it.
