Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

alipay-payment-feedback

v1.0.4

Alipay skill problem feedback. Use only when the user runs into a problem that cannot be resolved while using the alipay-authenticate-wallet, alipay-pay-for-service or alipay-pay-for-402-service skills. Trigger conditions: 1) the payment flow fails repeatedly and cannot be repaired on its own; 2) the payment-feature enablement/authorization flow is abnormal and retrying has not...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
- Crypto
- Requires wallet
- Can make purchases
- Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the instructions: the skill only submits payment-related feedback to Alipay. Required binary (npm/npx) is reasonable because SKILL.md instructs installing an alipay CLI via npx.
Instruction Scope
Instructions constrain the agent to build a single --reason string from the current conversation and run alipay-bot problem-feedback. The SKILL.md explicitly forbids reading files or env vars and requires only conversation context. However, it also demands verbatim output of the CLI (which could inadvertently expose sensitive data if the CLI prints it) and relies on the CLI behaving exactly as described (only contacting *.alipay.com and not reading files). The agent has no technical enforcement here — it must trust the remote CLI.
Install Mechanism
There is no packaged install spec; SKILL.md tells the agent to run npx -y @alipay/agent-payment@latest install-cli. That will fetch and execute arbitrary code from the npm registry at runtime (dynamic @latest). While npm is a known registry, fetching and running the latest package version is higher risk (package compromise or later malicious update). The skill provides no integrity checks, pinned version, or verification of the CLI behavior.
Credentials
The skill requests no environment variables or credentials, and claims not to collect sensitive credentials. That is proportionate to a feedback-only flow. Note: the --reason text may include user-sensitive information from the conversation; the skill does not automatically redact such content except by a vague defensive rule.
Persistence & Privilege
Skill is not always-enabled and does not request persistent config or elevated agent privileges. It does not modify other skills or system-wide settings according to the provided documentation.
What to consider before installing
This skill appears to do only one thing — submit a user-provided problem description to Alipay — and its instructions are narrowly scoped. However, it depends on installing and running an external CLI via npx @latest, which will execute code fetched at runtime and could behave differently than documented (e.g., make extra network requests or read files). Before installing or invoking this skill:
1) prefer a pinned package version or an install method that provides integrity (avoid @latest);
2) audit the @alipay/agent-payment package source or request a signed release from the vendor;
3) run the CLI in a sandboxed environment or with network egress controls if possible;
4) avoid including any credentials or more-sensitive PII in the --reason text (redact or summarize); and
5) if you need stronger guarantees that data only goes to *.alipay.com or is truly anonymous, ask the skill author for verifiable attestations or an alternate verified upload pathway.
If you cannot verify the CLI, consider handling feedback collection manually instead of auto-submitting.




Runtime requirements

Bins: npm
