AI Vulnerability Tracker
AI Vulnerability Tracker - searches GitHub and WeChat official accounts for AI-related vulnerabilities from the past month (prompt injection, prompt jailbreak, etc.) and pushes them to a Feishu table. Supports deduplication and translation. Search keywords: prompt injection, prompt jailbreak, LLM vulnerability, AI security, adversar...
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 6 · 0 current installs · 0 all-time installs
by Octday (@0ctday)
Security Scan (OpenClaw)
Verdict: Suspicious (high confidence)
Purpose & Capability
The declared purpose (search GitHub/WeChat and push to Feishu) matches the code behavior, but the skill declares no required credentials while index.js contains a hardcoded Feishu appId/appSecret and hardcoded wiki/table tokens. SKILL.md also lists a different Wiki Token/Table ID than the ones embedded in the code and config.json. Embedding credentials for a remote push target in the code, and silently using them whenever no environment variables are set, goes well beyond what a skill that declares "no env vars" should need, and it will surprise users.
Instruction Scope
SKILL.md limits the instructions to searching and pushing, and the implementation stays within that scope, but in doing so it scrapes weixin.sogou, calls the unauthenticated GitHub search API, and sends records to a Feishu tenant using the built-in credentials. The code also reads and writes a local dedup file (/tmp/ai-vuln-dedup.json). The mismatch between the target tokens in the documentation and those in the code increases the chance that data is sent to an unexpected external account.
Install Mechanism
No install spec is present (instruction-only runtime) and there are no external downloads. The skill includes an index.js code file which will run when invoked, but nothing in the package installs additional binaries or fetches remote code on install.
Credentials
The skill declares no required env vars, yet index.js uses FEISHU_APP_ID and FEISHU_APP_SECRET if they are present and otherwise falls back to the hardcoded appId/appSecret and the hardcoded wiki/table tokens in code/config.json. Because of these hardcoded secrets and table identifiers, scraped data is pushed to the maintainer's Feishu account by default. That does not match what a user expects from a "search-and-push" skill, which should require explicit credentials and refuse to run without them.
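The fallback described above, beside a fail-closed loader, as an added example (this is not the skill's own index.js). The embedded values are constructed placeholders, not the real contents of code/config.json, and FEISHU_WIKI_TOKEN / FEISHU_TABLE_ID are assumed variable names: the page only names FEISHU_APP_ID and FEISHU_APP_SECRET.

```javascript
// Added example, not code from the skill. Constructed stand-in for the values
// embedded in code/config.json: placeholders, not the real ones.
const EMBEDDED_CONFIG = {
  appId: 'cli_placeholder_app_id',
  appSecret: 'placeholder_app_secret_value',
  wikiToken: 'placeholder_wiki_token',
  tableId: 'tblplaceholder',
};

// The pattern the scan flags: with an empty environment every field resolves to
// the embedded value and the push goes to an account the user never chose.
function loadFeishuConfigUnsafe(env, embedded = EMBEDDED_CONFIG) {
  return {
    appId: env.FEISHU_APP_ID || embedded.appId,
    appSecret: env.FEISHU_APP_SECRET || embedded.appSecret,
    wikiToken: env.FEISHU_WIKI_TOKEN || embedded.wikiToken, // assumed var name
    tableId: env.FEISHU_TABLE_ID || embedded.tableId,       // assumed var name
  };
}

const REQUIRED_VARS = ['FEISHU_APP_ID', 'FEISHU_APP_SECRET', 'FEISHU_WIKI_TOKEN', 'FEISHU_TABLE_ID'];

// Fail closed: every value must come from the environment, nothing is read from
// the package, and a missing or blank variable aborts before any network call.
function loadFeishuConfigStrict(env) {
  const missing = REQUIRED_VARS.filter((name) => !(env[name] || '').trim());
  if (missing.length > 0) {
    throw new Error(`refusing to run: ${missing.join(', ')} not set (no built-in fallback)`);
  }
  return {
    appId: env.FEISHU_APP_ID.trim(),
    appSecret: env.FEISHU_APP_SECRET.trim(),
    wikiToken: env.FEISHU_WIKI_TOKEN.trim(),
    tableId: env.FEISHU_TABLE_ID.trim(),
  };
}

// Show where records will go before sending any. The app secret is
// deliberately not part of the output.
function describeDestination(cfg) {
  return `app ${cfg.appId} -> wiki ${cfg.wikiToken} / table ${cfg.tableId}`;
}

// Demo: an empty environment, as on a machine that never configured the skill.
const unsafe = loadFeishuConfigUnsafe({});
console.log('unsafe loader picked:', describeDestination(unsafe)); // the embedded placeholders
try {
  loadFeishuConfigStrict({});
} catch (err) {
  console.log('strict loader:', err.message);
}
```

With the strict loader the only way data reaches a Feishu tenant is through variables the operator set, and the destination summary can be logged at start-up without exposing the secret.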
Persistence & Privilege
The skill is declared always:false and makes no attempt to modify other skills or system-wide config. It persists a deduplication list to /tmp and caches an access token in memory; these are limited, local side effects.
What to consider before installing
This skill scrapes GitHub and weixin.sogou for AI vulnerability posts and writes the results to a Feishu table. However, the package contains hardcoded Feishu credentials and table tokens, and the SKILL.md documents a different token than the code uses. Run as-is, it may push potentially sensitive scraped data to an external Feishu account controlled by the package author. Before installing or running:
1) Do not run it on sensitive systems or with sensitive credentials; test in an isolated environment.
2) Inspect and remove or replace the hardcoded FEISHU_APP_ID / FEISHU_APP_SECRET / wikiToken / tableId values and supply your own credentials via environment variables.
3) Verify which Feishu tenant and table IDs will receive data after you replace the credentials.
4) Consider GitHub API rate limits and authentication, and the legality and terms of service of scraping WeChat results.
5) If you cannot audit or modify the code, treat this skill as untrusted and do not run it on real data.
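Steps 2 and 3 above as a pre-install audit, written here as an added example (not part of the skill). It scans the package files for literal credential and target values and for the `process.env.X || 'literal'` fallback pattern the scan describes, then compares any embedded wiki/table tokens against the ones SKILL.md documents. The sample package is constructed: its SKILL.md tokens are the ones shown on this page, while the config.json and index.js contents are placeholders, not the real files.

```javascript
// Added example, not the skill's code. Pass { filename: contents } for a real
// package (read the files with fs.readFileSync); the sample below is constructed.
const CRED_KEYS = 'appId|app_id|appSecret|app_secret|wikiToken|wiki_token|tableId|table_id';
// key: "literal"  or  key = 'literal'  in JSON or JS
const LITERAL_ASSIGN = new RegExp(`["']?\\b(${CRED_KEYS})\\b["']?\\s*[:=]\\s*["']([^"']+)["']`, 'g');
// process.env.FEISHU_X || 'literal': the silent fallback the scan describes
const ENV_FALLBACK = /process\.env\.(FEISHU_[A-Z_]+)\s*\|\|\s*["']([^"']+)["']/g;

// appId / app_id / FEISHU_APP_ID all become "appid", and likewise for the others.
const canon = (key) => key.replace(/^FEISHU_/, '').replace(/_/g, '').toLowerCase();
// Never echo a full secret into a report.
const redact = (v) => (v.length <= 4 ? '****' : `${v.slice(0, 4)}...(${v.length} chars)`);

function findEmbeddedValues(files) {
  const hits = [];
  for (const [file, text] of Object.entries(files)) {
    for (const m of text.matchAll(LITERAL_ASSIGN)) hits.push({ file, key: canon(m[1]), value: m[2], fallback: false });
    for (const m of text.matchAll(ENV_FALLBACK)) hits.push({ file, key: canon(m[1]), value: m[2], fallback: true });
  }
  return hits;
}

// SKILL.md on this page documents the target as "Wiki Token: X" / "Table ID: Y".
function documentedTargets(skillMd) {
  const grab = (label) => { const m = new RegExp(`${label}:\\s*(\\S+)`).exec(skillMd); return m ? m[1] : null; };
  return { wikitoken: grab('Wiki Token'), tableid: grab('Table ID') };
}

function auditPackage(files) {
  const documented = documentedTargets(files['SKILL.md'] || '');
  const findings = [];
  for (const h of findEmbeddedValues(files)) {
    const where = `${h.file}: ${h.key}${h.fallback ? ' (env fallback)' : ''}`;
    if (h.key === 'appid' || h.key === 'appsecret') {
      findings.push({ kind: 'embedded-credential', where, detail: redact(h.value) });
    } else if (h.key === 'wikitoken' || h.key === 'tableid') {
      const doc = documented[h.key];
      findings.push(doc && doc !== h.value
        ? { kind: 'target-mismatch', where, detail: `${h.value} in code, ${doc} in SKILL.md` }
        : { kind: 'embedded-target', where, detail: h.value });
    }
  }
  return { findings, verdict: findings.length ? 'do not run as-is' : 'no embedded credentials or targets found' };
}

// Constructed sample package (placeholders, except the SKILL.md tokens from this page).
const SAMPLE_PACKAGE = {
  'SKILL.md': 'Target table\n- Wiki Token: NqxZwVzXriRIRAkvP4LcApCdnNb\n- Table ID: tblnfK3JPSfUyZmb\n',
  'config.json': '{ "wikiToken": "WIKIPLACEHOLDER00000000000000", "tableId": "tblPLACEHOLDER0" }',
  'index.js': [
    "const appId = process.env.FEISHU_APP_ID || 'cli_placeholder_app_id';",
    "const appSecret = process.env.FEISHU_APP_SECRET || 'placeholder_app_secret_value';",
  ].join('\n'),
};

const report = auditPackage(SAMPLE_PACKAGE);
for (const f of report.findings) console.log(`${f.kind.padEnd(20)} ${f.where}: ${f.detail}`);
console.log('verdict:', report.verdict);
```

A clean package produces no findings only when every credential and target is read from the environment with no literal fallback; a package that passes this check can still be wrong about which tenant the operator's own variables point at, so step 3 remains a manual confirmation.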
Current version: v0.1.0
SKILL.md
🤖 AI Vulnerability Tracker skill
Feature overview
- Search GitHub - AI security vulnerabilities added in the past month
- Search WeChat official accounts - AI security articles
- Deduplicate - by original URL
- Translate - English content is translated into Chinese
- Push to Feishu - written into the specified multi-dimensional table (bitable)
Search keywords
English keywords
- prompt injection
- prompt jailbreak
- LLM vulnerability
- AI security vulnerability
- adversarial prompt
- jailbreak CVE
- prompt injection CVE
- AI model security
- LLM security bug
- ChatGPT jailbreak
Chinese keywords
- 提示词注入 (prompt injection)
- 提示词越狱 (prompt jailbreak)
- AI 漏洞 (AI vulnerability)
- LLM 安全 (LLM security)
- 对抗提示 (adversarial prompt)
Target table
- Wiki Token: NqxZwVzXriRIRAkvP4LcApCdnNb
- Table ID: tblnfK3JPSfUyZmb
Field mapping
⚠️ Adjust the mapping below to match the fields of the actual table
| Field name | Description |
|---|---|
| 标题 (title) | Vulnerability/article title |
| 链接 (link) | Original URL |
| 漏洞类型 (vulnerability type) | 提示词注入 (prompt injection) / 提示词越狱 (prompt jailbreak) / 其他 (other) |
| 来源 (source) | GitHub / 微信公众号 (WeChat official account) |
| 发布时间 (publish date) | Publication date |
| 描述 (description) | Short description |
| 发现时间 (discovery time) | Time the record was collected |
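The "Deduplicate - by original URL" step and the field mapping above, as an added example (not the skill's own code): normalise each result's URL so one article reached through two differently tracked links counts once, drop anything already in the persisted list, and map a result onto the table's field names. The request body shape `{ fields: { <field name>: value } }` is an assumption about the bitable record API, the WeChat share parameters treated as tracking noise are an assumption, and the sample results are constructed.

```javascript
// Added example, not the skill's code. Query parameters that only record how a
// link was shared: utm_*, fbclid and gclid are standard; chksm, scene and from
// are assumed to be WeChat share parameters (assumption). __biz/mid/idx/sn are
// kept because they identify the article.
const TRACKING_PARAM = /^(utm_\w*|fbclid|gclid|chksm|scene|from)$/;

function normalizeUrl(raw) {
  const u = new URL(raw);
  u.hash = '';
  for (const name of [...u.searchParams.keys()]) {
    if (TRACKING_PARAM.test(name)) u.searchParams.delete(name);
  }
  u.searchParams.sort(); // stable parameter order so equal URLs compare equal
  u.pathname = u.pathname.replace(/\/+$/, '') || '/';
  return u.toString();
}

// seenUrls is the persisted list from earlier runs. The skill keeps its own in
// /tmp/ai-vuln-dedup.json; its exact file format is not assumed here.
function dedupeByUrl(results, seenUrls) {
  const seen = new Set(seenUrls);
  const fresh = [];
  let filtered = 0;
  for (const r of results) {
    const key = normalizeUrl(r.url);
    if (seen.has(key)) { filtered += 1; continue; }
    seen.add(key);
    fresh.push({ ...r, url: key });
  }
  // The counts SKILL.md lists under "Output", plus the list to persist.
  return { fresh, searched: results.length, added: fresh.length, filtered, seenUrls: [...seen] };
}

// Values of the 漏洞类型 (vulnerability type) column, as listed in the field mapping.
function classify(title) {
  if (/injection|注入/i.test(title)) return '提示词注入'; // prompt injection
  if (/jailbreak|越狱/i.test(title)) return '提示词越狱'; // prompt jailbreak
  return '其他';                                          // other
}

// Assumed record body shape for the bitable "create record" call.
function toFeishuRecord(r, discoveredAt) {
  return {
    fields: {
      '标题': r.title,            // title
      '链接': r.url,              // link (normalised)
      '漏洞类型': classify(r.title),
      '来源': r.source,           // source: GitHub / 微信公众号
      '发布时间': r.publishedAt,  // publish date
      '描述': r.description,      // description
      '发现时间': discoveredAt,   // time the record was collected
    },
  };
}

// Constructed sample: the first two entries are one GitHub issue seen through a
// tracked link and a plain link; the third is a WeChat article with share params.
const SAMPLE_RESULTS = [
  { title: 'Prompt injection via tool output in sample-agent', url: 'https://github.com/sample-org/sample-agent/issues/1?utm_source=feed#issue-1', source: 'GitHub', publishedAt: '2026-01-10', description: 'constructed sample' },
  { title: 'Prompt injection via tool output in sample-agent', url: 'https://github.com/sample-org/sample-agent/issues/1', source: 'GitHub', publishedAt: '2026-01-10', description: 'constructed sample' },
  { title: '某大模型提示词越狱案例分析', url: 'https://mp.weixin.qq.com/s?__biz=SAMPLE&mid=1&idx=1&sn=abc&chksm=zz&scene=21', source: '微信公众号', publishedAt: '2026-01-12', description: 'constructed sample' },
];

const run = dedupeByUrl(SAMPLE_RESULTS, []);
console.log(`searched ${run.searched}, added ${run.added}, filtered ${run.filtered}`);
for (const r of run.fresh) console.log(JSON.stringify(toFeishuRecord(r, '2026-01-13')));
```

Persist `run.seenUrls` after each run and pass it back in as `seenUrls` on the next one; normalising before comparison is what keeps the second GitHub link from producing a duplicate row.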
Usage
Manual run
Run it directly in a session that supports skills, or schedule it with cron.
Scheduled task (cron)
# run every day at 09:00
openclaw cron add "0 9 * * *" "ai-vulnerability-tracker"
# run every Monday at 09:00
openclaw cron add "0 9 * * 1" "ai-vulnerability-tracker"
Output
- Number of search results
- Number of new records
- Number of records filtered as duplicates
- Error messages (if any)
Dependencies
- Network access (GitHub, WeChat search)
- Feishu API access
- Translation API (optional)
Files: 4 total
