Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

article-link-skill

v1.0.0

Article link extraction tool. Submit a link to a paywalled media article; the tool matches it against already-extracted content and returns the English full text, or queues it for extraction. Supports Barron's, Bloomberg, Financial Times, Foreign Policy, Handelsblatt, MarketWatch, New York Times, Reuters, The Atlantic, T...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability (flagged)
The skill's stated purpose (submit paywalled article links to pick-read.vip and get English text back) matches the code's network calls to https://pick-read.vip/api. However, the registry metadata declares no required config paths or credentials, while SKILL.md and the code require a local config.json or an IMPORT_TOKEN environment variable (a sensitive credential). That omission is a metadata mismatch that reduces transparency.
Instruction Scope (flagged)
SKILL.md restricts runtime behaviour to invoking python3 scripts/article_link.py and reading {baseDir}/config.json for import_token, which matches the code. That scope is narrow and appropriate for the feature. However, the instructions require reading a local config.json (and the code also accepts IMPORT_TOKEN and API_BASE environment variables) while the registry did not declare that config path or those credentials; this is a scope and visibility mismatch. The instructions also forbid direct API calls, yet the script itself makes HTTP requests to the external service.
Install Mechanism
No install spec; it's instruction-only with a shipped Python script. No third-party packages or downloads are installed by the skill itself, which is the lower-risk pattern for skills that rely on an existing python3 binary.
Credentials (flagged)
The skill requires an Import Token to operate (a sensitive credential). The registry metadata declares no primaryEnv and no required env or config path, yet the code reads config.json and also accepts IMPORT_TOKEN and API_BASE environment variables. An undocumented credential and config requirement falls short of the transparency expected and should be declared explicitly before install.
Persistence & Privilege
The always flag is false, and the skill does not request system-wide persistence or modify other skills. The agent-autonomous invocation setting is the platform default and is not itself problematic here.
Scan Findings in Context
[ssl_verify_disabled] unexpected: The code deliberately creates SSL contexts with certificate verification disabled (check_hostname=False, verify_mode=CERT_NONE, and ssl._create_unverified_context). With verification off, any on-path attacker can present a forged certificate for the API host and read or modify the request, including the Import Token sent with it. Nothing in the stated purpose requires this; it is a security risk.
[reads_local_config] expected: The SKILL.md and code require reading {baseDir}/config.json to obtain api_base and import_token. That is expected for this service, but the skill registry metadata omitted required config paths/credentials, reducing transparency.
[accepts_env_tokens] expected: The script accepts IMPORT_TOKEN and API_BASE from the environment, which is reasonable, but these env vars are not declared in registry metadata (primaryEnv missing).
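The flagged TLS pattern reproduced as an added example (my code, not the skill's script or anything from ClawHub): it builds the unverified and the verified context side by side, reports whether each will actually reject a forged certificate, and runs a small AST check over a constructed source snippet to find the same three constructs the scan names, which is the check a reviewer can run over scripts/article_link.py before supplying a token. The sample source and the example.invalid URL are constructed; nothing here contacts the network.

```python
"""Added example, not code from the skill or from ClawHub: reproduce the
TLS-verification bypass the scanner flagged, show the verified equivalent,
and statically detect the pattern in Python source before running it."""
from __future__ import annotations

import ast
import ssl


def unverified_context() -> ssl.SSLContext:
    """The flagged pattern: no hostname check, no certificate verification."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verified_context() -> ssl.SSLContext:
    """Hardened form: system CA bundle, chain verification, hostname check."""
    return ssl.create_default_context()


def context_verifies(ctx: ssl.SSLContext) -> bool:
    """True only if the context will reject a forged or mismatched certificate."""
    return bool(ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED)


def find_tls_verification_bypass(source: str) -> list[tuple[int, str]]:
    """Return (line, description) for each verification-disabling construct.

    Catches the three forms the scan report names: assigning False to
    check_hostname, assigning ssl.CERT_NONE to verify_mode, and any use of
    ssl._create_unverified_context (called directly or installed as the
    default HTTPS context).
    """
    hits: list[tuple[int, str]] = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Attribute) and node.attr == "_create_unverified_context":
            hits.append((node.lineno, "ssl._create_unverified_context"))
        elif isinstance(node, ast.Assign):
            for target in node.targets:
                if not isinstance(target, ast.Attribute):
                    continue
                value = node.value
                if (target.attr == "check_hostname"
                        and isinstance(value, ast.Constant) and value.value is False):
                    hits.append((node.lineno, "check_hostname = False"))
                elif (target.attr == "verify_mode"
                        and isinstance(value, ast.Attribute) and value.attr == "CERT_NONE"):
                    hits.append((node.lineno, "verify_mode = ssl.CERT_NONE"))
    return sorted(hits)


# Constructed sample mirroring the flagged constructs; not the skill's script.
SAMPLE_SOURCE = """\
import ssl, urllib.request
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
ssl._create_default_https_context = ssl._create_unverified_context
urllib.request.urlopen("https://example.invalid/api", context=ctx)
"""

if __name__ == "__main__":
    print("default context verifies:", context_verifies(verified_context()))
    print("bypass context verifies:", context_verifies(unverified_context()))
    for line, what in find_tls_verification_bypass(SAMPLE_SOURCE):
        print(f"line {line}: {what}")
```

Run the checker over the skill's own script (read the file and pass its text to find_tls_verification_bypass) before placing a token in config.json; an empty result is what you want to see, and the fix the report asks the author for is simply to use ssl.create_default_context() unchanged, as verified_context() does.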
What to consider before installing
Before installing, be aware of three issues. (1) The skill needs a sensitive Import Token (stored in config.json or supplied via environment variables), but the registry metadata does not declare that; confirm you trust the maintainer and the token provider (pick-read.vip) before supplying credentials. (2) The script deliberately disables TLS certificate verification when calling the API, which exposes every request, and the token in it, to network interception (MITM); ask the author to remove or justify the unverified SSL contexts and use standard verified HTTPS. (3) The skill reads a local config.json (excluded by .gitignore) and sends the import token to pick-read.vip; verify that you are comfortable placing a token in that file and that the API base (default pick-read.vip) is the intended endpoint, since API_BASE can be overridden from the environment. If you cannot verify those points, do not install or run the skill; ask the maintainer to (a) declare the required config and env in the registry metadata, (b) stop disabling SSL verification, and (c) document token handling and retention. If you must proceed, avoid high-privilege tokens, prefer ephemeral or test tokens, and consider restricting autonomous invocation until these issues are resolved.


Version 1.0.0 (latest) · id vk973q1vx6pcz1zwdt0xe8qk11584qgjq


Runtime requirements

Bins: python3
