Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenProject by altf1be

v2.0.0

OpenProject CRUD skill — manage work packages, projects, groups, news, users, watchers, relations, notifications, time entries, comments, attachments, wiki p...

1· 244·0 current·0 all-time
by Abdelkrim from Brussels (@abdelkrim)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (OpenProject CRUD) align with the contents: a Node CLI that calls the OpenProject API v3 and requires OP_HOST and OP_API_TOKEN. Declared optional env vars (default project, max results, max file size) are reasonable for the feature set.
Instruction Scope
SKILL.md instructs running the included Node script and to set OP_HOST/OP_API_TOKEN. The runtime instructions and code only read OpenProject-specific env vars and only perform network calls to the configured host via opFetch. One subtlety: opFetch will accept and follow full URLs (path that starts with 'http'), and the script follows API _links returned by the server; this can cause the tool to fetch any URL the OpenProject instance returns. That behavior is expected for HAL APIs but means a maliciously configured server could cause requests to other hosts.
Install Mechanism
There is no automated install spec in the registry entry (instruction-only), but SKILL.md and package.json instruct users to run `npm install`. Dependencies are minimal (commander, dotenv) and come from the public npm registry (package-lock shows registry.npmjs). This is proportional but requires the user to run npm to install dependencies.
Credentials
Only OP_HOST and OP_API_TOKEN are required (with a few optional OP_* variables). These are appropriate and necessary for a tool that talks to an OpenProject instance. The script loads .env via dotenv but only reads OP_* variables; it does not access unrelated credentials or system config paths.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It runs as a CLI script and only touches files explicitly supplied for upload. Autonomous invocation is allowed (platform default) but is not combined with other concerning flags.
Assessment
This skill appears to do exactly what it says: a CLI for OpenProject using an API token. Before installing, confirm the OP_HOST value points to a trusted OpenProject instance and use a token with least privilege needed (avoid highly privileged tokens if possible). Running `npm install` will pull small, public npm packages (commander, dotenv); run installs in a controlled environment. Be aware the CLI may follow any API-provided links (including full URLs) — that is normal for HAL-style APIs but means a compromised or malicious server could cause additional outbound requests. Finally, avoid exposing your OP_API_TOKEN to untrusted environments or logs and review the script if you need to enforce stricter upload/path policies.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/openproject.mjs:28
Environment variable access combined with network send.
scripts/openproject.mjs:14
File read combined with network send (possible exfiltration).


latest: vk97ds0hv5q7nfg6yw7w8wzsgb1834rpv


Runtime requirements
Runtime: Clawdis
Env: OP_HOST, OP_API_TOKEN
Primary env: OP_HOST
