Exposed secret literal
- Finding
- File appears to expose a hardcoded API secret or token.
Security checks across static analysis, malware telemetry, and agentic risk
This appears to be a real DeepSOP sales-automation skill, but it needs review because it can use a broad API key to run outbound sales/public-posting tasks and auto-query results without clear approval and origin boundaries.
Install only if you trust DeepSOP and this publisher, can provide a scoped API key, and are comfortable with the agent submitting sales outreach and TikTok publishing tasks. Before use, require explicit confirmation for every outbound message, public post, credit-spending action, and scheduled result query.
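# Human-AI Collaboration

An intelligent sales-task assistant built on the DeepSOP platform. It understands natural-language instructions, automatically breaks them down into task parameters, calls the deepsop API to submit tasks, and automatically queries results at the time the user specifies.

## ✨ Key capabilities

- **Customer discovery** (AiWa): finds customers and industry customers, and automatically generates a styled xlsx report
- **Email sales** (Frank): submits email sales tasks and reports sent/read/replied counts
- **Phone sales** (Fran): automatically queries the number pool and scenario library, then submits phone sales tasks
- **SMS sales** (Lisa): submits SMS tasks and reports sending results
- **AI video + TikTok publishing** (Toby): automatically generates a video and publishes it, and reports plays/likes/comments

## 🚀 Quick start

1. **Get an API key**
   - Already have an account → [https://ai.deepsop.com/login?source=3](https://ai.deepsop.com/login?source=3)
   - No account yet → [https://ai.deepsop.com/register?source=3](https://ai.deepsop.com/register?source=3)
   - Copy the key that starts with `sk-`
2. **Configure the environment variable**
   ```bash
   # Linux/macOS
   export DEEPSOP_API_KEY="sk-your_api_key_here"
   ```
   ```powershell
   # Windows PowerShell
   $env:DEEPSOP_API_KEY="sk-your_api_key_here"
   ```
3. **Tell OpenClaw what you need directly**, for example:
   - "Find me 50 US customers in the clothing business"
   - "Send this batch of customers a product introduction email"
   - "Generate a product video and publish it to TikTok"

## 📖 Full documentation

See [SKILL.md](SKILL.md) for detailed usage instructions, parameter conventions, and the error-handling flow.

## ⚠️ Important reminders

- Submitting `agentSubmitTask` **must** go through `scripts/submit_task.py` (the script has built-in UTF-8-safe submission + parameter pre-validation)
- Do **not** write `curl` commands directly (the Windows cp936 code page garbles Chinese text)

---

## 🔒 Security audit report

> This skill has passed a full review by the `skill-vetter` security audit tool and can be installed and used with confidence.

| Field | Value |
|---|---|
| **Audit date** | 2026-05-12 |
| **Audit tool** | skill-vetter (clawhub@latest) |
| **Source** | ClawdHub / DeepSOP official |
| **Files reviewed** | 8 (SKILL.md, api_paths.py, submit_task.py, 2 parameter validators, formatter scripts, etc.) |
| **Suspicious patterns** | ✖ None |
| **Network access** | `https://ai.deepsop.com/prod-api/...` (legitimate DeepSOP task submission endpoint, single known domain) |
| **API key handling** | Read only from the environment variable `DEEPSOP_API_KEY`; not hardcoded, no exfiltration |
| **File access** | Does not read or write local files directly (JSON task bodies only) |
| **Dependencies** | Python standard library `urllib` only, no third-party dependencies |
| **Risk level** | 🟡 MEDIUM (requires an API key; submits tasks to a known service) |
| **Audit conclusion** | ✅ **SAFE TO INSTALL** |

**Key audit points:**

- Defense in depth by design: parameters are pre-validated before HTTP submission.
- UTF-8 safe throughout, avoiding the garbled Chinese text caused by Windows code pages.
- Single known API domain; no credential exfiltration path found.
- False-positive clarification: `curl` appearing in `.py` files is only in comments/documentation examples and is not actually executed.

> The full multi-skill audit report is in `SKILL_VETTING_REPORT.md` at the repository root.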
VirusTotal findings are pending for this skill version.
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or over-broad instruction could send sales emails/SMS/calls or publish TikTok content from the connected account.
The skill can turn natural-language prompts into API-submitted tasks that contact customers or publish public content. The provided excerpts do not show a strong pre-submit confirmation step for recipients, content, account, cost, or cancellation.
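The AI automatically analyzes and breaks down task parameters and calls the deepsop platform API to submit tasks... Frank: email sales... Fran: phone sales... Lisa: SMS sales... Toby: AI video generation and publishing to TikTok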
Require an explicit final confirmation showing exact recipients, content, platform/account, estimated cost, and cancellation options before submitting outreach or publishing tasks.
Anyone or any agent path with access to the key may be able to submit tasks, query account data, use connected outreach/TikTok resources, or spend account credits through DeepSOP.
A single DeepSOP API key is required for account-level operations, including task submission and a listed K-coin-deducting purchase endpoint, while registry metadata says there are no required env vars or primary credential.
The environment variable DEEPSOP_API_KEY must be configured in advance... All API request headers must carry: `x-api-key: $DEEPSOP_API_KEY`... Submit contract signing (deducts K-coins)
Declare the credential in metadata, use the least-privileged API key available, and require separate confirmation for any credit purchase, public posting, or mass outreach action.
A crafted message containing the marker and task identifiers could cause the agent to retrieve or push sales/customer result data unexpectedly.
The auto-query flow is triggered by a text marker and does not show validation that the event came from a trusted scheduler or the original task owner before querying and pushing results.
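On receiving a system scheduled event containing the [DeepSOP-AutoQuery] marker (cron callback...)... do not ask the user whether to continue... immediately parse the variables from the input text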
Authenticate scheduled callbacks, bind them to the originating user/session/task, and ignore the marker in ordinary user or retrieved content.
The skill may fail or prompt ad-hoc package installation in environments that do not already have openpyxl installed.
Report generation uses the undeclared openpyxl dependency and writes local xlsx files, while the install spec declares no dependency or install mechanism.
from openpyxl import Workbook ... wb.save(output_path)
Declare Python/package requirements and keep generated report paths user-visible and scoped.
Users may underestimate local file-writing behavior and undeclared dependencies if they rely on the self-audit section.
The README’s safety claims overstate assurance and conflict with included formatter scripts that import openpyxl and write xlsx report files.
SAFE TO INSTALL ... File access | Does not read or write local files directly ... Dependencies | Python standard library `urllib` only
Treat the self-audit as publisher-provided information, not independent approval, and update the documentation to accurately describe dependencies and file outputs.