ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

rh-skill

v1.0.0

RunningHub AI 智能调用。Use when user wants to generate images, videos, or audio content.

0· 51·0 current·0 all-time
by@airix315
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (RunningHub integration for image/video/audio generation) align with requiring a RUNNINGHUB_API_KEY and providing wrappers for apps like qwen-text-to-image. However the skill also requires/assumes a full RHMCP project to be cloned and built and references an OpenClaw MCP configuration (editing ~/.openclaw/openclaw.json). Asking the user to install a separate server project and to point the agent at it is heavier-weight than a simple API wrapper and expands the attack surface.
!
Instruction Scope
SKILL.md explicitly instructs cloning https://github.com/AIRix315/RHMCP, running npm install and npm run build, creating service.json and .env, and editing OpenClaw config. The included executor.mjs reads local files (service.json, apps.json, recommended-apps.json), and tries multiple directories (RHMCP_CONFIG, repo root, cwd). The runtime instructions therefore direct the agent/operator to download and run remote code and to read local config files beyond the declared env var. The skill's instructions also refer to RHMCP_CONFIG and file paths not declared in requires.env, which is a scope mismatch.
!
Install Mechanism
No formal install spec in registry, but README/SKILL.md tell users to git clone and run npm install/build on an external GitHub repo (RHMCP). That pulls and executes third-party code on the user's machine. Because this is an out-of-band install (not vetted by the registry), it increases risk and should be treated carefully.
!
Credentials
The declared required env var is RUNNINGHUB_API_KEY (appropriate for RunningHub). However the code and docs also reference RHMCP_CONFIG and expect a service.json/.env in the RHMCP directory; RHMCP_CONFIG is not declared in requires.env. The executor reads local files (service.json, apps.json) from multiple directories, which could cause the skill to consume or expose unrelated local configuration if RHMCP_CONFIG is pointed broadly. Overall the number and nature of config/env accesses are larger than declared.
Persistence & Privilege
always is false and disable-model-invocation is default (agent may call it autonomously). The skill's docs instruct manual edits to ~/.openclaw/openclaw.json to register the MCP server — that requires user action but would modify agent configuration if followed. The skill itself does not request permanent elevated privileges in metadata, but its installation instructions encourage changing agent config and running a long-lived local service, which increases persistence and attack surface if misused.
What to consider before installing
This skill is a wrapper around a separate project (RHMCP) and asks you to clone and run that external code. That means: 1) Inspect the RHMCP repository and the included executor.mjs before running npm install or node — running npm install/build executes arbitrary third-party code. 2) Be cautious where you set RHMCP_CONFIG and create service.json/.env — the executor reads files from those directories (apps.json, service.json) and could process any local config placed there. 3) The only declared credential is RUNNINGHUB_API_KEY (expected), but the code also uses RHMCP_CONFIG (not declared); avoid pointing it at directories that contain other secrets. 4) Prefer testing in an isolated environment (container or VM), and avoid running these install steps as root. 5) If you want minimal risk, request a version of the skill that calls RunningHub APIs directly (no external repo clone) or provide an official install package/release rather than free-form git clone + npm install.

Like a lobster shell, security has layers — review code before you run it.

latestvk978hvpdjv0xvqfdfp3xw1s9b583y8t8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎨 Clawdis
EnvRUNNINGHUB_API_KEY
Configrhmcp.baseUrl
Primary envRUNNINGHUB_API_KEY

Comments