Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Timezone

v2.0.0

Convert times across world timezones and compare availability. Use when converting meetings, checking offsets, comparing zones, generating tables.

by bytesagain4@xueyetianya
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description describe timezone conversion and availability features. The included script implements CLI commands (convert, compare, export, stats, etc.) and stores data under ~/.local/share/timezone — all expected for this purpose.
Instruction Scope
SKILL.md instructs using the CLI commands provided by the script and references only the local data directory. The runtime instructions and examples align with the script behavior. There are no instructions to read unrelated system files or send data externally.
Install Mechanism
No install spec is provided (instruction-only); a single shell script is included. This is low-risk — nothing is downloaded or executed from remote locations during install.
Credentials
The skill requires no environment variables, credentials, or config paths. The script writes only to the user's data directory (~/.local/share/timezone). No unrelated secrets or services are requested.
Persistence & Privilege
The skill does not request always: true, does not modify other skills, and only persists its own data under the user's home directory. It logs user-issued commands and their arguments to history.log — expected for this kind of utility.
Assessment
This skill appears coherent and offline: it is a small shell script implementing a timezone CLI and it stores logs and exports under ~/.local/share/timezone. Before installing, note that:
1) the tool will create and append to files in that directory (history.log and per-command logs), so avoid entering sensitive secrets as command arguments because they will be stored;
2) there is no automatic installer — you or your environment will need to place the script on PATH (review where it will be placed and its file permissions);
3) the export functionality writes files you may want to protect (check permissions); and
4) although the skill claims to be offline and the code contains no network calls, always review any updates or additional files for changes that could introduce external endpoints.
If you want extra caution, run the script in a restricted user account or container first to confirm behavior.


latestvk97e2w33htg7bgtbrybr57j251835dyq
