Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mvp Kanban Complete Skill

v0.0.2

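Provides complete MVP Kanban task management, supporting task and swimlane management, batch operations, AI analysis, and vector search, with a Docker image and 21 MCP tool interfaces.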

by Terry S Fisher @43622283
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description, code files (Flask app, DB, MCP server, NLP parser) and Docker artifacts are consistent with a self‑hosted Kanban application that exposes REST + MCP tools and vector search. The requested artifacts (Docker build/run, MCP integration) are reasonable for that purpose.
! Instruction Scope
Runtime instructions and hooks will write/modify ~/.openclaw/config/mcp.json, build a Docker image and run docker-compose (post_install hook). That modifies user configuration and starts a networked service automatically. SKILL.md and clawhub.yaml indicate automatic MCP config creation (may overwrite existing file) — this is a scope expansion that should be explicit and reversible. No explicit user consent/merge step is enforced in the scripts.
Install Mechanism
There is no separate install spec, but the package includes a post_install hook that runs 'docker build' and 'docker-compose up -d' from the skill directory. Building and running a local Docker image from unreviewed source is moderately risky (it executes arbitrary code as part of the image build and container start) but is coherent with shipping a full application.
Credentials
The skill declares no required environment variables or credentials. The config and runtime do not request cloud keys or unrelated secrets. This is proportionate to the stated local-app purpose.
! Persistence & Privilege
The skill auto-starts a service (via post_install and service entries) and writes an MCP configuration file under ~/.openclaw/config. While 'always: false' and autonomous invocation are normal, auto‑creating/modifying a global config file and auto‑launching a container are elevated behaviors that should be highlighted to the user. Also some docs claim it runs as root and others claim non-root — conflicting privileges.
Scan Findings in Context
[pre-scan-injection-signals] expected: No pre-scan injection signals were detected; absence of findings is not proof of safety. The key surface is the Docker build/run and auto-modifying MCP config rather than obvious suspicious strings.
What to consider before installing
This package appears to implement a full self‑hosted Kanban app and includes Docker files and a post_install hook that will build and launch a container and add an MCP entry to ~/.openclaw/config/mcp.json. Before installing:
1) Review the Dockerfile and all server source (app.py, mcp_server.py, database.py, nlp_parser.py) for any unexpected network calls, backdoors, or commands run during image build.
2) Check whether mcp.json creation/merge will overwrite any existing MCP configuration; back up ~/.openclaw/config first.
3) Run the service in an isolated environment (local VM or disposable host) rather than on production or a machine with sensitive data.
4) Prefer binding to localhost and verify docker-compose ports (some docs conflict between 0.0.0.0 and 127.0.0.1).
5) Verify the Dockerfile sets a non‑root user and resource limits; if not, modify before running.
6) If you rely on the 'no external network' claim, search the code for outbound network calls and check dependencies (sqlite-vec, mcp) for third‑party behavior.
7) Ask the author to clarify conflicting documentation (root vs non-root, port binding, whether mcp.json is merged or overwritten) and to add an explicit opt‑in step before auto-starting services.

Like a lobster shell, security has layers — review code before you run it.
