Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Link Digest

v1.1.0

Process links and content shared in a designated 'interesting findings' Discord channel. Use when: (1) a URL or article is shared and needs analysis, (2) som...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The SKILL.md clearly describes a Link Digest that reads a Discord channel, fetches URLs, summarizes them, creates threads, and appends notes to a KB. The registry lists no required env vars or binaries, while the SKILL.md requires that two configuration values (LINK_DIGEST_CHANNEL_ID and KB_DIR) be set in AGENTS.md/TOOLS.md; this is a documentation/configuration gap rather than a substantive mismatch. No unrelated credentials or tools are requested.
Instruction Scope
Instructions are narrowly scoped to validating public HTTP(s) URLs, fetching pages (web_fetch/web_search), synthesizing summaries, creating Discord threads via message(action=...), and writing synthesized KB entries under KB_DIR. The SKILL.md explicitly prohibits executing fetched content, passing raw fetched text to shells/eval/git, and committing outside KB_DIR. These constraints reduce scope creep and exfiltration risk.
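The public-URL rule described above is the one part of the skill that should be enforced by the platform rather than by prose, because a fetch to a private or metadata address is the classic way a link-summarizing agent turns into an SSRF proxy. The block below is an added example written for this review, not code from the Link Digest skill (which ships none) or from OpenClaw's web_fetch tool; the blocked hostname list, the offline DEMO_DNS table and the function names are assumptions. It rejects non-http(s) schemes, embedded credentials, loopback, link-local (including 169.254.169.254), RFC 1918 and shared address space, IPv4-mapped IPv6 literals, and any hostname whose DNS answers include a non-public address.

```python
"""Public-URL gate for a link-fetching agent (example for this review, not part of
the Link Digest skill or OpenClaw).  Every URL must pass before web_fetch runs."""
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}

# Assumed block-list of metadata/loopback names; extend for your cloud provider.
BLOCKED_HOSTS = {"localhost", "metadata", "metadata.google.internal", "instance-data"}
BLOCKED_SUFFIXES = (".localhost", ".internal", ".local")

# Constructed DNS table used by demo_resolver so the example runs offline.
DEMO_DNS = {
    "example.com": ["93.184.216.34", "2606:2800:220:1:248:1893:25c8:1946"],
    "evil.example": ["10.0.0.5"],                    # points straight at RFC 1918 space
    "dual.example": ["93.184.216.34", "127.0.0.1"],  # one public answer, one loopback
}


def demo_resolver(host):
    """Offline stand-in for DNS: look the host up in DEMO_DNS."""
    return [ipaddress.ip_address(a) for a in DEMO_DNS.get(host, [])]


def dns_resolver(host):
    """Real resolver: every A/AAAA answer, with any IPv6 scope id stripped."""
    answers = {info[4][0].split("%")[0] for info in socket.getaddrinfo(host, None)}
    return [ipaddress.ip_address(a) for a in answers]


def is_public_ip(ip):
    """True only for globally routable unicast addresses."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 is 10.0.0.1 in disguise
    # is_global excludes private, loopback, link-local (169.254.0.0/16 contains the
    # 169.254.169.254 metadata endpoint), reserved and 100.64.0.0/10 shared space;
    # multicast is not in that set, so it is checked explicitly.
    return ip.is_global and not ip.is_multicast


def validate_public_url(url, resolver=dns_resolver):
    """Return the public addresses a fetcher may connect to, or raise ValueError."""
    parts = urlparse(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials embedded in URL")
    host = (parts.hostname or "").rstrip(".")  # urlparse already lowercases it
    if not host:
        raise ValueError("missing host")
    if host in BLOCKED_HOSTS or host.endswith(BLOCKED_SUFFIXES):
        raise ValueError(f"blocked host: {host}")
    try:
        ips = [ipaddress.ip_address(host)]  # literal address: no DNS lookup
    except ValueError:
        ips = resolver(host)  # hostname: every answer must be public
    if not ips:
        raise ValueError(f"host did not resolve: {host}")
    bad = [str(ip) for ip in ips if not is_public_ip(ip)]
    if bad:
        raise ValueError(f"{host} resolves to non-public address(es): {bad}")
    return ips


def is_public_url(url, resolver=dns_resolver):
    """Boolean wrapper around validate_public_url."""
    try:
        validate_public_url(url, resolver)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for u in ("https://example.com/post", "http://169.254.169.254/latest/meta-data/",
              "http://[::ffff:10.0.0.1]/", "https://dual.example/", "file:///etc/passwd"):
        print(f"{is_public_url(u, demo_resolver)!s:5} {u}")
```

Two caveats a fetcher built on this gate must respect: the check is validate-then-fetch, so a rebinding DNS name can pass here and resolve elsewhere a moment later; connect to one of the returned addresses (or re-check at connect time) rather than letting the HTTP client resolve again. And redirects are new URLs, so every hop must go back through validate_public_url before it is followed.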
Install Mechanism
There is no install spec and no code files — instruction-only. This minimizes on-disk attack surface and aligns with the stated behavior.
Credentials
The skill does not declare required secrets or environment variables in the registry, but the runtime instructions expect LINK_DIGEST_CHANNEL_ID and KB_DIR to be configured. Interacting with Discord typically requires a bot token or platform-provided message tool; the skill does not request extra unrelated credentials. Recommend documenting required permissions (Discord bot token scope, where KB_DIR is located) before enabling.
Persistence & Privilege
always:false (no forced presence). The skill writes and commits only within KB_DIR per its rules; it does not request system-wide config changes or appear to modify other skills. Agent autonomous invocation is allowed by default but not excessive here.
Scan Findings in Context
[prompt-injection:ignore-previous-instructions] expected: The SKILL.md contains the phrase 'ignore previous instructions' as part of a defensive rule telling the agent to ignore such text in fetched pages. The pattern match is expected here and is used defensively rather than maliciously.
Assessment
This skill appears to do what it says: validate public URLs, fetch content, create Discord threads, and save synthesized KB entries. Before installing, confirm where LINK_DIGEST_CHANNEL_ID and KB_DIR will be configured and that KB_DIR does not point at a sensitive location (the home directory itself, /etc, or similar system paths). Verify that the platform's message tool / Discord bot has only the minimal permissions needed (read messages, create threads, post messages) and that the bot token is stored securely. Ensure the platform's web_fetch tool enforces the same URL/IP restrictions the SKILL.md lists (private IPs, metadata endpoints); a rule written in SKILL.md constrains the model's intent, not the tool, so the fetcher must enforce it itself. Finally, prefer that the skill's configuration explicitly lists any required environment variables or tokens, and confirm that commits are limited to KB_DIR to avoid accidentally committing unrelated files.
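Two of the checks the Assessment asks for can be mechanised rather than left to the operator's eye: that KB_DIR is not a sensitive location, and that every note the agent writes and every file it stages for commit actually lands inside KB_DIR. The block below is an added example written for this review, not code from the Link Digest skill (which is instruction-only) or from OpenClaw; the forbidden-root list, the example paths and the function names are assumptions. Paths are resolved before comparison so that `..` segments and symlinks planted inside KB_DIR cannot redirect a write outside it.

```python
"""Containment checks for an agent that writes and commits knowledge-base notes
(example for this review; the Link Digest skill ships no code of its own)."""
import os
from pathlib import Path

# Assumed set of locations KB_DIR must never be; tune for the host.
FORBIDDEN_KB_ROOTS = {"/", "/etc", "/usr", "/bin", "/sbin", "/var", "/root",
                      "/proc", "/sys", "/dev", "/tmp"}


def _contains(parent, child):
    """True if child is parent or lies beneath it (both already resolved)."""
    return os.path.commonpath([str(parent), str(child)]) == str(parent)


def check_kb_dir(kb_dir, home=None):
    """Reject a KB_DIR that is a system directory, the home directory, or an
    ancestor of it.  Returns the resolved Path on success, raises ValueError."""
    home = (Path(home) if home else Path.home()).expanduser().resolve()
    kb = Path(kb_dir).expanduser().resolve()  # follows symlinks, folds '..'
    if str(kb) in FORBIDDEN_KB_ROOTS:
        raise ValueError(f"KB_DIR may not be a system directory: {kb}")
    if _contains(kb, home):
        raise ValueError(f"KB_DIR may not be the home directory or a parent of it: {kb}")
    return kb


def kb_dir_is_acceptable(kb_dir, home=None):
    """Boolean wrapper around check_kb_dir."""
    try:
        check_kb_dir(kb_dir, home)
        return True
    except ValueError:
        return False


def resolve_kb_path(kb_dir, entry):
    """Map a KB entry name the agent wants to write to an absolute path, refusing
    anything (absolute names, '..', symlinks) that lands outside KB_DIR."""
    kb = Path(kb_dir).expanduser().resolve()
    target = (kb / entry).resolve()  # an absolute `entry` replaces kb entirely
    if target == kb or not _contains(kb, target):
        raise ValueError(f"entry escapes KB_DIR: {entry!r} -> {target}")
    return target


def kb_path_is_contained(kb_dir, entry):
    """Boolean wrapper around resolve_kb_path."""
    try:
        resolve_kb_path(kb_dir, entry)
        return True
    except ValueError:
        return False


def staged_paths_outside(staged_paths, kb_rel):
    """Given repo-relative POSIX paths (the lines of `git diff --cached --name-only`)
    and KB_DIR relative to the repo root, return the staged files a KB-only commit
    must not include.  Suitable as the body of a pre-commit hook."""
    kb_rel = kb_rel.strip("/")
    prefix = f"{kb_rel}/" if kb_rel else ""
    return [p for p in staged_paths
            if not p.startswith(prefix) or ".." in p.split("/")]


if __name__ == "__main__":
    # Constructed examples: a sane KB_DIR, three bad ones, and a staged set that
    # mixes KB notes with a stray .env file.
    print("accepted:", check_kb_dir("/home/agent/kb", home="/home/agent"))
    for d in ("/etc", "/home/agent", "/home"):
        try:
            check_kb_dir(d, home="/home/agent")
        except ValueError as err:
            print("rejected:", err)
    print("write ok:", kb_path_is_contained("/home/agent/kb", "notes/2025-01-link.md"))
    print("write blocked:", kb_path_is_contained("/home/agent/kb", "../.bashrc"))
    print("stray staged files:",
          staged_paths_outside(["kb/notes/a.md", "kb/index.md", ".env"], "kb"))
```

The staged-file check is the piece that closes the gap the Assessment points at: the SKILL.md forbids committing outside KB_DIR, but only a hook that runs `git diff --cached --name-only` and fails the commit on a non-empty result makes that rule hold when the agent stages the wrong thing.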

latest: vk977tyn5fpwyhqyf1x6vvtv79s81txpk
