Openclaw Skill

v1.0.0

AI-powered family office management system for ultra-high-net-worth families - manage family members, professional contacts, legal documents, and tasks with...

by Justin Liu @zhenstaff
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name, README, SKILL.md, and skill.json consistently describe a local-first family-office manager and the only required runtime binary is node — that matches expectations. Minor inconsistencies: SKILL.md frontmatter lists an install step ("npm install") and skill.json lists a global npm install command, while the registry shows no install spec; publish/validate scripts are included (these are developer tools for publishing to ClawHub and not required for runtime). These differences are explainable but worth noting.
Instruction Scope
The SKILL.md instructions themselves are scoped to the stated purpose (calls to tools.list_family_members, list_documents, etc.) and do not overtly reference unrelated system files or secrets. However: (1) a pre-scan detected unicode-control-chars inside SKILL.md (a common vector for hidden/prompt-injection), which could attempt to manipulate agent behavior when the markdown is loaded; (2) the package does not include an agents/tools implementation in the file manifest, yet SKILL.md references './agents/tools' and skill.json references agents/tools.ts — runtime depends on external tool implementations (not included) so you should confirm where the tool code runs and what it does. These points raise a non-trivial risk that the agent could be steered or that the true runtime behavior is not fully visible in the shipped files.
Install Mechanism
No network downloads or archive extracts are present in the package; the included scripts and metadata reference npm-based installation (npm install / npm install -g openclaw-family-steward) and ClawHub CLI commands used by the publisher. Nothing in the manifest points to arbitrary remote archives or shorteners. This is moderate-low installer risk, but confirm the npm package source and review its published contents before installing via npm.
Credentials
The skill declares only node (and npm in requirements) and no environment variables or credentials. That is proportionate to a local JS-based tool. No required env vars or config paths are requested. Validate/publish scripts reference .clawhubrc and clawhub CLI, but those are publishing-time tools and not required for runtime functionality as described.
Persistence & Privilege
The skill is not marked always:true and is user-invocable (normal defaults). It does not request persistent elevated privileges in the manifest. Note: autonomous invocation is enabled by default on the platform — combine that with the SKILL.md prompt-injection signal and you'll want to be cautious (see user guidance).
Scan Findings in Context
[unicode-control-chars] unexpected: Control/unicode invisibles in SKILL.md are not expected for an honest documentation file. They can be used to hide or obfuscate instructions (prompt-injection). This is a meaningful finding and should be investigated by inspecting the raw file bytes (cat -v, hexdump, or an editor that shows hidden characters).
What to consider before installing
Do not install or enable this skill until you take a few verification steps:
1) Inspect SKILL.md as raw bytes for hidden control/unicode characters (e.g., cat -v SKILL.md or hexdump -C SKILL.md). Remove any invisible control characters and re-check that the visible instructions match the README and skill.json.
2) Confirm where the 'tools' implementations live (agents/tools.ts referenced in skill.json) — they are not included in the shipped files. Obtain and audit the tool code to ensure it does not make network calls, read arbitrary files, or access secrets.
3) If you plan to install via npm, review the published npm package contents on the registry (not just the repo) and audit dependencies for network activity or native code.
4) Treat the included publish.sh/validate.sh as developer utilities; they call ClawHub and rely on a .clawhubrc — ensure those are not executed in your runtime environment.
5) If you lack the ability to audit code, request a clean upstream source (GitHub repo) and an explicit statement/commit removing any hidden characters and providing the agents/tools implementation; consider running the skill in a sandbox until validated.
The unicode-control-chars finding is the primary reason for caution — it can be used to steer agent behavior beyond the visible documentation.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ea19xdt148xxvgkgc4837mn82efm4


Runtime requirements

🏰 Clawdis
OS: macOS · Linux · Windows
Bins: node
