ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nomtiq

v0.4.6

Nomtiq — finds restaurants worth going to. No rankings, no ads. Remembers your taste, knows your budget. 小饭票:找餐厅、推荐餐厅、吃什么、附近好吃的。

2· 553·0 current·0 all-time
by@oakcoderx
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The scripts and SKILL.md implement searches (地图/Google/Yelp/Reddit), user taste profile management, and optional anonymous sharing to a Moltbook endpoint — all coherent with a restaurant‑finder. However the registry metadata at the top of the evaluation said “Required env vars: none” while SKILL.md and AGENT_GUIDE list AMAP_KEY, SERPER_API_KEY, and MOLTBOOK_API_KEY; that mismatch is unexpected and should be clarified.
!
Instruction Scope
Runtime instructions and AGENT_GUIDE tell the agent to run many Python scripts that read/write local profile files, call multiple external APIs, and optionally post anonymous reviews to Moltbook. The SKILL.md contains a detected 'unicode-control-chars' injection pattern which could be used to manipulate downstream LLM prompts. Also promotion documentation and scripts discuss broadcasting/marketing the skill (posting examples to social platforms) — this increases the chance user data might be shared if options are enabled. Overall the actions go beyond purely local recommendation text-generation and include external network activity and optional data sharing.
Install Mechanism
No package download/install spec; it's instruction+scripts that run with system Python. No remote installers or archive downloads were requested in the manifest, which reduces install risk. The code files are present and executed locally.
Credentials
Requested API keys (AMAP_KEY for Amap, SERPER_API_KEY for Serper, MOLTBOOK_API_KEY for Moltbook) are proportionate to the stated external calls. But the top-level registry metadata claiming no required env vars contradicts the SKILL.md's declared env needs; that inconsistency could hide surprising network access. Moltbook posting is opt‑in, but if enabled it would transmit user‑recorded restaurant entries externally (even if claimed 'anonymous').
Persistence & Privilege
The skill is not always:true and doesn't request elevated system privileges. It stores and updates local profile JSON files (expected for personalization) and does not declare modifications to other skills or global config.
Scan Findings in Context
[unicode-control-chars] unexpected: Unicode control characters found in SKILL.md can be used in prompt injection to alter LLM parsing or to hide text; this is not required for a restaurant finder and should be investigated/removed.
What to consider before installing
Things to check before installing or enabling Nomtiq: - Clarify env var requirements: SKILL.md expects AMAP_KEY, SERPER_API_KEY and MOLTBOOK_API_KEY but top‑level metadata listed none. Only provide keys you trust and intend to use. Use least‑privilege keys (e.g., restrict referer/IP and quotas). - Review the scripts (search_*.py, profile.py, moltbook.py) yourself (or in a sandbox) to confirm what data is read, written, and sent. Pay attention to what profile data is posted when you enable Moltbook sharing. - Treat Moltbook sharing as potentially exfiltrative: it will send restaurant records externally (claimed anonymous, limited to 2/day); only opt in if comfortable. - Remove or sanitize any unicode control characters in SKILL.md to eliminate prompt‑injection risk before letting an LLM execute skill prompts. - If you want extra safety, run the skill in an environment with network egress controls (or a proxy) so you can observe and limit outbound requests (especially to third‑party endpoints like google.serper.dev and www.moltbook.com). - If you lack the ability to audit Python code, prefer not to install the skill or only enable it with network access restricted and without enabling Moltbook posting. I have medium confidence in this assessment because the code and instructions mostly align with the declared purpose, but the metadata mismatch and prompt‑injection signal raise nontrivial concerns that should be resolved before trusting the skill with keys or private data.

Like a lobster shell, security has layers — review code before you run it.

latestvk979wv4hdv6hsv2qngphb6h0bx83fav0
553downloads
2stars
12versions
Updated 8h ago
v0.4.6
MIT-0
@oakcoderx
latest
Download

Nomtiq 小饭票 🎫

一顿饭就是一段时光。

小饭票从一个习惯开始——

我们写代码,开会,赶 deadline。一天结束,想找个地方好好吃顿饭,陪陪重要的人。但找餐厅这件事,比想象中难。

我的好朋友常常在亮马河一带请我吃饭。不去网红店,不刷榜单。就是找一家有意思的本地馆子,两个人坐下来,聊聊最近在做什么,聊聊工作和生活,偶尔抬头看天。

找餐厅其实不容易。一切都需要合适——但什么是合适呢?社交媒体的推荐太虚假,榜单里全是广告,大众点评其实不知道你喜欢什么,它只知道什么是流行的。

所以我写了小饭票。没有排行榜。

它记得你的口味,知道你去过哪里,了解你的预算和区域。它不给你推广告,只给你值得去的地方。用得越久,越懂你。

合适,就是我们一起花的时间。

🔒 隐藏菜单

小饭票有一个隐藏菜单模式,专为重要的时光设计。不追求准确,是时光里两个人的小冒险。

一顿好饭,一段记得的时光。

Nomtiq 🎫

A meal is a moment.

It started with a habit.

We write code, sit in meetings, chase deadlines. At the end of the day, you want to find a good place to eat — and actually be present with the people who matter.

A friend of mine would take me to dinner along Liangma River — not the trending spots, not the ranked lists. Just a local place worth sitting in. Two people, a table, time to talk about what's been going on.

Everything has to fit. But what does fit mean? Social media recommendations are noise. Rankings are ads. Dianping knows what's popular — it doesn't know what you like.

So I built Nomtiq. No rankings.

It remembers your taste. Knows where you've been, what you liked, what you didn't. The longer you use it, the better it knows you.

The right fit isn't a rating. It's the time we spend together.

🔒 Hidden Menu

There's a hidden menu — designed for moments that matter. Not about precision. A small adventure for two.

A good meal. A moment worth remembering.

技术文档见 AGENT_GUIDE.md

Comments

Loading comments...