Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Pengbo Space
v1.1.1-beta.1
Query services, filter service IDs, place orders, check order status, request refills and check the account balance through the SMM API at pengbo.space. Intended for automated tasks that need to call pengbo.space/api/v1 safely. Write operations require explicit confirmation by default.
⭐ 0 · 284 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, high confidence
Purpose & Capability
The skill is a client for pengbo.space/api/v1 (queries, create orders, refill, balance). The bundled Python script and docs expect an API key (PENGBO_API_KEY) and perform write actions (orders, refill). However, the registry metadata lists no required env vars or primary credential — that is inconsistent. Other capabilities (local caching, audit logs, update/verify flow) are coherent with the stated purpose.
Instruction Scope
SKILL.md and scripts restrict network egress to the pengbo.space API and require explicit --confirm for write ops. The skill writes cache/audit files under its data/ directory (services-cache_..., orders-log.jsonl, onboarding-state.json). It does not instruct reading unrelated system files or broad shell passthrough. Note: some maintenance scripts may install tools (cyclonedx-py) when run.
Install Mechanism
No install spec is provided (instruction + code files only). There is no remote install of arbitrary code at enable-time. Release/update scripts can download artifacts but enforce host allowlist and signature verification. Some helper scripts will try to pip install tooling into the user's home when executed (generate_sbom.sh).
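The host allowlist in the update flow is only as good as the way it is applied: matching the allowed names as substrings of the URL string accepts look-alike hosts, userinfo tricks and URLs that merely mention an allowed name in a query string. The following is an added example, not the skill's secure_update.sh, that applies the allowlist to the parsed hostname and contrasts it with the substring check. The allowed hosts are the three named on this page; the probe URLs are constructed. Signature verification of the downloaded artifact is a separate step and is not shown.

```python
"""Added example: applying a download-host allowlist to the parsed hostname.
Not the skill's secure_update.sh. The allowed hosts are the three named on
this page; the probe URLs are constructed."""
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"clawhub.com", "clawhub.ai", "pengbo.space"}


def naive_is_allowed(url, allowed=ALLOWED_HOSTS):
    """The check to avoid: substring matching on the whole URL string."""
    return any(host in url for host in allowed)


def is_allowed_download(url, allowed=ALLOWED_HOSTS):
    """Strict check: https only, no userinfo, exact hostname, default port."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False  # "https://clawhub.com@evil.example/" carries the allowed name as userinfo
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if port not in (None, 443):
        return False
    host = (parts.hostname or "").rstrip(".")  # .hostname is already lowercased
    return host in allowed


# Constructed probes: (url, should_be_allowed)
PROBES = [
    ("https://clawhub.com/skills/pengbo-space.zip", True),
    ("https://CLAWHUB.AI/skills/pengbo-space.zip", True),
    ("http://clawhub.com/skills/pengbo-space.zip", False),          # plaintext transport
    ("https://clawhub.com.evil.example/x.zip", False),              # prefix look-alike host
    ("https://clawhub.com@evil.example/x.zip", False),              # allowed name as userinfo
    ("https://evil.example/dl?next=https://clawhub.com/", False),   # allowed name in the query
    ("https://pengbo.space:8443/x.zip", False),                     # non-default port
]


def compare_checks(probes=PROBES):
    """Return, per URL, (naive verdict, strict verdict, expected verdict)."""
    return {url: (naive_is_allowed(url), is_allowed_download(url), want) for url, want in probes}


def strict_check_is_correct(probes=PROBES):
    """True when the strict check agrees with every expected verdict."""
    return all(is_allowed_download(url) == want for url, want in probes)


def naive_false_accepts(probes=PROBES):
    """URLs the substring check accepts but should not."""
    return [url for url, want in probes if naive_is_allowed(url) and not want]


if __name__ == "__main__":
    for url, (naive, strict, want) in compare_checks().items():
        print(f"{'ok ' if strict == want else 'BAD'} naive={naive!s:5} strict={strict!s:5} {url}")
```

Of the seven probes, the substring check wrongly accepts five; the strict check gets all seven right. When reviewing a script like secure_update.sh, look for which of the two patterns it actually implements.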
Credentials
Runtime code and docs refer to PENGBO_API_KEY (and allow passing --key). The registry metadata lists no required env vars or primary credential — this omission is an inconsistency and a practical risk (users may not realize they must provide the API key). Other env/config needs (optional PUBKEY_FILE for secure_update, PATH changes in helper scripts) are proportionate to the documented update/audit flows.
Persistence & Privilege
always:false (normal). The skill does create and write files under its own data/ directory (cache, audit, onboarding state) but does not claim autostart, system cron creation, or modification of other skills. Agent autonomous invocation is allowed (platform default) — combine that with write/network actions into pengbo.space when considering trust.
What to check before installing:
- Metadata mismatch: the skill expects an API key (PENGBO_API_KEY) for many operations, but the registry entry does not declare any required credentials. Confirm the publisher and ensure you supply a valid PENGBO_API_KEY only if you trust pengbo.space.
- Local writes: the skill writes cache and audit files under skills/pengbo-space/data/ (services cache, orders-log.jsonl, onboarding-state.json). If you care about where logs or hashes live, inspect or relocate this directory.
- Write operations are real and billable: add/refill create real orders against an external SMM service and may incur charges. The skill requires explicit --confirm for writes, but always verify before authorizing any write action.
- Update flow and downloads: updates/downloads are allowed only from clawhub.com, clawhub.ai, or pengbo.space and require signature verification, which is good — verify the public key you provide is correct.
- Helper scripts may install tools (e.g., cyclonedx-bom via pip --user) when run; these are not automatic at install but will modify your user environment if executed.
- Legal/ethical: the skill automates social-media growth actions (followers/likes/views). Ensure this use complies with the terms of the social platforms and your organization’s policy.
Recommended actions:
1) Ask the publisher (or registry owner) to update the skill metadata to declare PENGBO_API_KEY as the primary credential so the permission model is accurate.
2) Review scripts (scripts/pengbo_smm.py, secure_update.sh) yourself or with a security reviewer before enabling autonomous invocation; confirm the allowed hosts and signing key.
3) If you proceed, run first with read-only commands (health, services) and with an API key scoped to a test account; inspect data/ files created by the skill.
I flagged this as "suspicious" (not malicious) because the code and instructions are consistent with the claimed purpose, but the omission of the API key in the declared requirements and the presence of local write/update behaviors are notable, avoidable mismatches that you should resolve before trusting the skill.
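The review in recommended actions 1 to 3 can be partly automated before the skill is enabled. The script below is an added example and is neither ClawHub's scanner nor the skill's own code: it walks a skill directory, lists the environment variables the code reads against those the metadata declares, collects the hostnames in embedded URLs against an expected allowlist, and records any pip install commands in helper scripts. The metadata file name skill.json and its requiredEnv key are assumptions about the registry schema, and the sample skill it writes into a temporary directory is constructed to mirror the layout described on this page, with one deliberately out-of-allowlist host so the check has something to flag.

```python
"""Added example: static pre-enable review of a skill directory.
Not ClawHub's scanner and not the skill's own code. The metadata file
name (skill.json) and its "requiredEnv" key are assumptions; adapt them
to the registry's real schema."""
import json
import re
import tempfile
from pathlib import Path

# os.environ["X"], os.environ.get("X") and os.getenv("X") in Python sources
PY_ENV_RE = re.compile(
    r"""os\.(?:environ(?:\.get)?|getenv)\s*[\[(]\s*["']([A-Za-z_][A-Za-z0-9_]*)["']"""
)
# $X or ${X...} in shell sources; a few always-present shell variables are ignored
SH_ENV_RE = re.compile(r"\$\{?([A-Z][A-Z0-9_]{2,})")
SH_IGNORE = {"HOME", "PATH", "PWD", "USER", "SHELL", "TMPDIR"}
URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")
PIP_RE = re.compile(r"\bpip3?\s+install\b[^\n]*")
TEXT_SUFFIXES = {".py", ".sh", ".md", ".json", ".txt", ".yaml", ".yml"}


def scan_skill(skill_dir, expected_hosts, metadata_name="skill.json"):
    """Report what the code reads, talks to and installs, against the metadata."""
    skill_dir = Path(skill_dir)
    meta_path = skill_dir / metadata_name
    declared = set()
    if meta_path.is_file():
        declared = set(json.loads(meta_path.read_text()).get("requiredEnv", []))

    env_refs, hosts, installs = {}, {}, []
    for path in sorted(skill_dir.rglob("*")):
        if not path.is_file() or path == meta_path or path.suffix not in TEXT_SUFFIXES:
            continue
        rel = path.relative_to(skill_dir).as_posix()
        text = path.read_text(errors="replace")
        names = set(PY_ENV_RE.findall(text))
        if path.suffix == ".sh":
            names |= set(SH_ENV_RE.findall(text)) - SH_IGNORE
        for name in names:
            env_refs.setdefault(name, set()).add(rel)
        for host in URL_HOST_RE.findall(text):
            hosts.setdefault(host.lower(), set()).add(rel)
        for match in PIP_RE.finditer(text):
            installs.append((rel, match.group(0).strip()))

    expected = {h.lower() for h in expected_hosts}
    return {
        "declared_env": sorted(declared),
        "env_in_code": {k: sorted(v) for k, v in sorted(env_refs.items())},
        "undeclared_env": sorted(set(env_refs) - declared),
        "hosts": {k: sorted(v) for k, v in sorted(hosts.items())},
        "unexpected_hosts": sorted(set(hosts) - expected),
        "pip_installs": installs,
    }


def build_sample_skill():
    """Constructed stand-in for the layout described on this page (not the real skill)."""
    root = Path(tempfile.mkdtemp(prefix="skill-review-"))
    (root / "scripts").mkdir()
    # metadata declares no credential, mirroring the mismatch the scan report notes
    (root / "skill.json").write_text(json.dumps({"name": "pengbo-space", "requiredEnv": []}))
    (root / "scripts" / "pengbo_smm.py").write_text(
        'import os\n'
        'BASE_URL = "https://pengbo.space/api/v1"\n'
        'API_KEY = os.environ.get("PENGBO_API_KEY")\n'
    )
    (root / "scripts" / "secure_update.sh").write_text(
        '#!/bin/sh\n'
        'PUBKEY="${PUBKEY_FILE:-keys/release.pub}"\n'
        'curl -fsSL "https://clawhub.com/releases/latest.tgz" -o "$HOME/latest.tgz"\n'
        # constructed: a host outside the allowlist so the check has something to flag
        'curl -fsSL "https://mirror.example.net/latest.tgz" -o "$HOME/mirror.tgz"\n'
    )
    (root / "scripts" / "generate_sbom.sh").write_text(
        '#!/bin/sh\npip install --user cyclonedx-bom\n'
    )
    return root


def review_sample():
    """Run the scan over the constructed sample with this page's three allowed hosts."""
    root = build_sample_skill()
    return scan_skill(root, expected_hosts={"pengbo.space", "clawhub.com", "clawhub.ai"})


if __name__ == "__main__":
    print(json.dumps(review_sample(), indent=2))
```

Against the sample, the report lists PENGBO_API_KEY and PUBKEY_FILE as read by code but undeclared, mirror.example.net as the one host outside the allowlist, and the pip install line in generate_sbom.sh. The regexes are deliberately simple and will miss indirect access (a variable name built at runtime, a config file read by the script), so treat a clean result as a starting point for the manual review, not a substitute for it.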
Tags:
- beta: vk97bvkzmrhtb362vjvmvzz8mrd82qmab
- latest: vk97bvkzmrhtb362vjvmvzz8mrd82qmab
- security: vk970vvh0wp19k9dtrj5rer6sks82q2pc
- trigger: vk97bvkzmrhtb362vjvmvzz8mrd82qmab
- v1-1: vk97bvkzmrhtb362vjvmvzz8mrd82qmab
