Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Beijing Signed Price Tracker
v1.6.0 · Track configured Beijing Housing Commission new-home projects from bjjs.zjw.beijing.gov.cn project-detail URLs, read project signed-unit counts, signed area, ...
⭐ 0 · 107 · 0 current · 0 all-time
by 张家钊 (@aaronstuart)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The name and description (track Beijing Housing Commission project pages and persist signed-room rows to a Feishu sheet) match the included code: tracker.js crawls bjjs.zjw.beijing.gov.cn, and the sheet writes and notifications go through Feishu APIs. However, the package contains embedded Feishu credentials (appSecret, spreadsheetToken) and sheet tokens in projects.json and the last-sync files, while the registry metadata declares no required env vars. That mismatch (secrets committed into the bundle rather than declared and requested at install time) is unexpected and poor practice.
Instruction Scope
SKILL.md instructs the agent to crawl project pages, follow '查看更多' ("view more") links and paginated lists, maintain a local room cache, write rows to a Feishu spreadsheet, and send Feishu DMs. The code implements those actions, reads and writes only its own local files (projects.json, room-cache.json, last-sync*.json), and talks to two external hosts (the Beijing site and open.feishu.cn). Concern: the monitoring script (scripts/monitor-tracker-runs.js) reads a hard-coded RUNS_PATH pointing to an absolute path under /home/SENSETIME/..., i.e. run logs on the host outside the skill directory. That file access is outside the documented scope and could read unrelated local data.
Install Mechanism
There is no install spec (the skill is an instruction file plus node scripts), so the registry downloads or installs nothing. The code runs under node and performs network I/O; no remote archives, unusual package installs, or URL downloads were present in the provided files.
Credentials
The feature legitimately needs Feishu credentials (appId/appSecret and sheet identifiers) to update sheets and send DMs, and SKILL.md documents env var overrides (FEISHU_*). But the registry metadata lists no required env vars, and the repository includes plaintext secrets: projects.json contains appId, appSecret and spreadsheetToken, and the last-sync files also include tokens. Committing active secrets into the skill bundle is disproportionate and exposes the credentials to anyone with access to the skill files.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It writes local caches and last-sync files within the skill directory (expected), and is allowed to call Feishu APIs (expected for its purpose). The only persistence concern is the use of an absolute RUNS_PATH in scripts/monitor-tracker-runs.js which reads a host-specific cron/runs JSONL — that is a cross-cutting read of system-local state and should be configurable or documented.
Scan Findings in Context
[hardcoded_feishu_app_secret_in_projects_json] unexpected: projects.json contains appId/appSecret and spreadsheetToken in plaintext. While the skill needs Feishu credentials to function, bundling active credentials in the code/repo is not expected and leaks sensitive tokens. User should treat these as compromised and not reuse them.
[hardcoded_sheet_tokens_in_last_sync_files] unexpected: last-sync.json and last-sync-wutong.json include spreadsheetToken and sheetId. Storing tokens in runtime artifacts committed with the skill exposes them; tokens should be supplied at runtime or via environment variables.
[absolute_runs_path_in_monitor_script] unexpected: scripts/monitor-tracker-runs.js uses RUNS_PATH = '/home/SENSETIME/.../cron/runs/…jsonl' to find previous run logs. This is an absolute system path that reads outside the skill directory; it's not documented in SKILL.md and is unexpected for a generic skill bundle.
What to consider before installing
This skill appears to implement the tracking and Feishu integration it promises, but there are important warnings before you install or run it:
(1) The bundle includes active Feishu credentials and sheet tokens in projects.json and the last-sync files. Treat those as leaked and do NOT reuse them; supply your own credentials via environment variables or a secrets store and remove any committed secrets.
(2) The monitoring script reads a hard-coded absolute RUNS_PATH on the host. Review it and either remove the path or make it configurable, so the script cannot read unrelated local logs.
(3) Because the skill can post to and modify a Feishu spreadsheet and send DMs, provide only Feishu credentials with the minimum necessary scope, for an app and account you control and can revoke.
(4) Run the code in an isolated environment (or review the full tracker.js) before giving it production credentials, and rotate any credentials if you previously used the ones embedded in the repo.
If you want, I can: (a) point out the exact lines in the files to change to remove hard-coded secrets and make RUNS_PATH configurable, or (b) show how to run the tracker safely with ephemeral/test Feishu credentials.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing. Note that on their own they are consistent with the documented behaviour (reading FEISHU_* overrides, reading the local caches, posting to open.feishu.cn); what to confirm at the cited lines is that only the skill's own files are read and that open.feishu.cn is the only destination.
scripts/tracker.js:561: environment variable access combined with network send.
scripts/monitor-tracker-runs.js:42: file read combined with network send (possible exfiltration).
scripts/tracker.js:132: file read combined with network send (possible exfiltration).
latest · vk97ev27s3aph6vz0t5ehqvmt3n845zys
