ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tianyi Cloud Game

v1.0.1

天翼云游戏 - 一键打开天翼云游戏H5平台,畅玩云端游戏

0· 110·1 current·1 all-time
by@akahello
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description state 'open cloud game H5 page'. The package only requires python3 and includes a short Python script (scripts/launch.py) that opens a fixed URL. No unrelated binaries, credentials, or config paths are requested.
Instruction Scope
SKILL.md instructs the agent to detect the OS and open the game URL in the default browser. It does not read files, environment variables, or transmit data elsewhere. Note: triggers are broad (any expression of gaming intent) so the skill may autonomously open a browser when invoked by the agent's intent-matching.
Install Mechanism
No install spec — instruction-only with an included Python script. This is low-risk: nothing is downloaded from external URLs or written to disk beyond the provided script.
Credentials
No environment variables, credentials, or config paths are required. The requested privileges are minimal and appropriate for the stated function.
Persistence & Privilege
always:false (normal). disable-model-invocation is false so the agent may autonomously invoke the skill when intent matches; this is expected but may result in the browser being opened automatically, which users should be aware of.
Assessment
This skill is functionally simple and appears to do only what it claims: open a specific Tianyi Cloud Game H5 URL in your default browser using a small Python script. Before installing, consider: (1) the skill can be invoked autonomously by the agent when you express gaming intent — so it may open your browser unexpectedly; (2) confirm the URL is the site you expect (https://h5.play.cn/…) and install only from trusted sources; (3) no credentials are requested. If you do not want automatic browser openings, do not enable autonomous invocation or do not install the skill. If unsure, inspect scripts/launch.py yourself (it's short and readable) or run it manually instead of allowing agent autonomy.

Like a lobster shell, security has layers — review code before you run it.

latestvk9702dwe5x0txs8d81hqg5ynm183fv32

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

☁️ Clawdis
Binspython3

Comments