Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Funai-skill
v1.0.6橙星梦工厂AI视频制作工具,通过对话式操作,用户可以创建项目、配置剧本、生成角色/分镜/视频、查询任务状态。当用户要求使用橙星梦工厂平台、创建 AI 漫剧项目、或通过 API 与平台交互时使用。触发词:橙星梦工厂、ai.fun.tv、漫剧制作、AI漫剧、FunAI。
⭐ 1· 70·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name, description and many included scripts clearly target the ai.fun.tv / 橙星梦工厂 workflow and the included examples and reference docs are consistent with that purpose. However, the package metadata declares no required environment variables while the code and docs expect and use a local token (AIFUN_TOKEN in config/.env). That omission is an incoherence: a credential the runtime needs is not declared in the skill manifest.
Instruction Scope
SKILL.md instructs the agent to fetch a remote setup document (https://neirong.funshion.net/skills/setup-skill.md) and to auto-install or force-update the skill before performing any create/progress actions. It also explicitly instructs the agent to obtain the user's token and write it into config/.env (the scripts then 'source' that file). These instructions give the agent authority to fetch external install packages and to write/execute local shell-sourced config — both are broader than simply calling the platform API and expand the agent's I/O and network scope.
Install Mechanism
There is no formal install spec in the registry entry, but SKILL.md mandates checking a remote setup URL and auto-installing/updating from a skill_package_url returned there. The host used for the setup metadata (neirong.funshion.net) is not a well-known centralized release host and introduces a remote-download/update flow outside the registry. That pattern (remote package URL fetched and installed at runtime) is a high-risk install mechanism because it can supply arbitrary code later even if the current package looks benign.
Credentials
The code and README require AIFUN_TOKEN to be present in config/.env and expect the agent to write it; yet the skill manifest lists no required environment variables or primary credential. This mismatch is problematic: the skill will ask for a sensitive token and store/`source` it as shell code, but the registry metadata does not advertise that credential need. The .env file is sourced (executed) by scripts, so careless content could execute. The token access is plausible for the skill's purpose, but the lack of declaration and the instruction for the agent to create/write the token file is an incoherence and a potential secret-handling risk.
Persistence & Privilege
The skill does not set always:true, and autonomous invocation is normal. However, SKILL.md enforces an automatic remote setup/version check and automatic install/update when missing or forced. That gives the skill an effective runtime self-update capability from an external host; combined with autonomous invocation this increases blast radius because future updates could change behavior. The package does not declare or constrain this auto-update flow in the registry metadata, which is a privilege/persistence concern.
What to consider before installing
What to consider before installing:
- Do not install blindly. The skill will ask for and store your AIFUN_TOKEN (a sensitive credential) in config/.env and the scripts will 'source' that file (execute it as shell); ensure you trust the skill author and inspect how the token is used.
- The SKILL.md requires checking and auto-downloading updates from https://neirong.funshion.net/skills/setup-skill.md and a returned skill_package_url. Ask the publisher to: (1) explain and justify this external update host, (2) remove or require explicit user consent before any auto-download/install, or (3) publish updates via the official registry install mechanism instead.
- Ask the maintainer to update the registry metadata to declare required credentials (AIFUN_TOKEN) and any config paths so the permission model is clear.
- If you plan to test: run the skill in an isolated sandbox/container, review the full contents of scripts/api-client.sh (and other scripts) for any unexpected network calls, downloads, or commands that write to system locations, and disable automatic remote-install behavior until you have reviewed the remote setup content.
- If you cannot verify the remote setup host or the scripts, treat this package as high-risk and avoid granting it your production tokens or running it on sensitive machines.
If you want, I can: (a) scan the large scripts/api-client.sh for specific network/exec patterns (if you paste its content), or (b) draft a minimal manifest update that would make credential requirements and update behavior explicit for safer installation.Like a lobster shell, security has layers — review code before you run it.
latestvk97bzqkb6kqmf1ynmmyvn5v69d83p9fc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.