Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Investor Relations Manager
v1.0.0
AI-powered Investor Relations Manager - automated video generation for earnings reports, financial updates, and stakeholder communications
by Justin Liu @zhenstaff
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's stated purpose (IR video generation) matches the runtime behavior (uses OpenAI TTS/Whisper and Remotion-like rendering). However the registry metadata claims no install or credentials while the SKILL.md explicitly instructs cloning https://github.com/ZhenRobotics/openclaw-investor-relations-manager.git and running npm install and scripts — a clear mismatch. The registry lists Source: unknown and Homepage: none but the instructions require fetching and executing code from an external repository, which should have been declared.
Instruction Scope
SKILL.md tells the agent to change into ~/openclaw-investor-relations-manager and run shell scripts (./agents/ir-cli.sh, ./scripts/script-to-video.sh). It also specifies auto-triggering behavior and enforces use of an existing project directory. The instructions therefore direct the agent to execute arbitrary code from a cloned project and to create files under the user's home directory — actions outside a simple, metadata-only skill.
Install Mechanism
Although the registry lists no install spec, the runtime instructions require cloning a GitHub repo and running npm install. Running npm install and arbitrary shell scripts is moderate-to-high risk because postinstall scripts, dependencies, and repo content may execute arbitrary code. The GitHub host is known, but the repository owner and code were not included in registry metadata, and no integrity/pinning or verification is provided.
Credentials
The registry declares no required environment variables or primary credential, but SKILL.md and README both instruct users to set OPENAI_API_KEY (and note the need for TTS + Whisper access). That credential is necessary for the described functionality but its omission from declared requirements is an incoherence. Requiring an API key that can access paid services should have been declared and justified in metadata. No other credentials are requested, which is appropriate, but the omission is a red flag.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable (normal). However, because the instructions cause the agent to run external shell scripts and can be auto-triggered by keywords, allowlisting/autonomous invocation combined with executing cloned code increases blast radius. The skill does not itself request persistent system-wide privileges in metadata.
What to consider before installing
This skill is suspicious because its SKILL.md tells you to clone and run an external GitHub project and to provide an OpenAI API key, yet the registry metadata claims no install or credential needs. Before installing, consider:
- Inspect the remote repository first: review package.json, postinstall scripts, and all shell scripts (especially agents/ir-cli.sh and scripts/*) for network calls or unexpected behavior.
- Verify the repository identity and author (ZhenRobotics / ZhenStaff). Confirm the repo link, commit history, and whether the project is official/trusted.
- Prefer pinned, audited dependencies and avoid running npm install directly on unreviewed code. Consider running installation and generation inside an isolated VM or container.
- Use a least-privileged OpenAI API key (scoped if possible) and monitor usage; do not reuse a high-privilege key. Consider billing limits or a separate account for testing.
- Ask the publisher to update the skill metadata to declare required env vars, source URL, and an install spec (with integrity/pinning). If they cannot or will not, treat the skill as higher risk.
- If you must try it, do so in a sandboxed environment, and manually run the scripts after inspection rather than allowing automatic/agent-driven execution.
If you want, provide the GitHub repository contents (or a link to the exact repository and commit) and I can point out specific files or lines of concern and give a more definitive assessment.
Like a lobster shell, security has layers — review code before you run it.
