ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Yummy Shared

v1.0.0

Use when operating yummycli for the first time, checking Gemini credential status, handling yummycli JSON command output, or applying shared CLI safety rules...

0· 14·0 current·0 all-time
by@yummysource
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with yummycli/Gemini helper behavior and the declared binary requirement (yummycli) makes sense. However, declaring GEMINI_API_KEY as a required primary credential for a 'shared rules' helper is unusual — a rules-only helper could be conditional (check status) without requiring an API key be present at load time. Also the SKILL.md contains an install block (npm package @yummysource/yummycli) even though the registry metadata reported 'no install spec', which is an inconsistency.
Instruction Scope
SKILL.md instructions stay within expected scope: it runs yummycli auth/status and gemini init, parses JSON output and enforces reasonable safety rules (only local images, preserve input order, avoid unintended overwrites, report output path). It does not instruct reading other system files or exfiltrating data.
!
Install Mechanism
The skill file includes an 'install' block referencing an npm package @yummysource/yummycli (creates yummycli bin). The registry summary claimed there was no install spec — that mismatch is concerning. Installing an npm package is a moderate-risk action (package provenance should be verified). There is no external arbitrary download URL, which reduces highest-risk concerns, but the inconsistency should be clarified and the package source reviewed before installing.
!
Credentials
The skill requires a single sensitive env var GEMINI_API_KEY and marks it as primary. That is plausible for Gemini image operations, but a 'shared rules' helper doesn't obviously need persistent access to the secret. Because the skill is declared always: true (see below), the token would be available to the skill on every agent run, increasing exposure. The SKILL.md itself doesn't show explicit exfiltration, but requiring the API key at load-time is disproportionate unless the skill actually performs authenticated API calls.
!
Persistence & Privilege
always: true is set. This forces the skill to be included in every agent run. For a lightweight rules/checklist file this is not justified — it broadens the blast radius of the required GEMINI_API_KEY and any install behavior. Unless the developer explains why the skill must always be present, this is a privilege escalation risk.
What to consider before installing
This skill looks like a legitimate yummycli helper, but there are a few red flags you should address before enabling it widely: - Confirm why the skill needs GEMINI_API_KEY as a required primary env var. If the skill only checks whether credentials exist, it should be able to run defensively without requiring the secret at load time. If the skill will perform authenticated operations, ensure you trust the maintainer and scope the token with minimum permissions. - Ask the publisher to justify always: true. That setting forces the skill into every agent run and expands the risk of any sensitive env var being accessible. Prefer enabling the skill on demand or only when yummycli is being used. - Clarify the install behavior. The SKILL.md includes an npm install block for @yummysource/yummycli, but the registry metadata stated no install spec — ask whether the agent will auto-install this package. If it will, verify the npm package exists, inspect its source, and confirm the package maintainer/trustworthiness before allowing installation. - Because the skill has no homepage/source listed, request a repository or package link so you can inspect code and provenance. - If you decide to allow it: limit scope by providing a scoped GEMINI_API_KEY (least privilege), avoid making the skill always-on, and enable monitoring (audit logs, token rotation) in case of unexpected behavior. If the publisher cannot explain the always: true setting, the install inconsistency, or provide a verifiable source, treat the skill as high-risk and avoid enabling it.
!
SKILL.md:1
Skill is configured with always=true (persistent invocation).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bvrjcbepz76nc0sq51sehmh84qk8t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsyummycli
EnvGEMINI_API_KEY
Primary envGEMINI_API_KEY

Comments