cloudcc-openapi-withobject
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill is a CloudCC API wrapper, but it ships real-looking CloudCC credentials and enables broad account-changing API actions without clear guardrails.
Do not install this version unless the bundled config.json has been removed and the exposed CloudCC credentials have been revoked. If you still use the skill, replace credentials with your own least-privilege CloudCC connected app, restrict it to needed objects/actions, require approval before any create/update/delete/message/approval call, and protect or disable local logs.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone installing or viewing the skill may gain access to the bundled CloudCC account, and the agent may use those credentials unless the user replaces them.
The package includes real-looking CloudCC account credentials and a token rather than only a template. This can expose the account owner and may cause installed agents to operate under the bundled identity.
"username": "daqiao@cloudcc.ai", "safetyMark": "8Sii...H8LRd", "clientId": "zlMX...TF", "secretKey": "fb5b...b1f2", "accessToken": "eyJ..."
Do not install as-is. The publisher should remove config.json from the package, revoke and rotate the exposed CloudCC secrets, ship only config.example.json, and declare the required credentials in metadata.
If invoked incorrectly or autonomously, the agent could modify or delete CRM data, send messages, or act on approval workflows in the connected CloudCC account.
The script exposes a generic CloudCC API caller where the service name and parameters are supplied directly. The documentation lists high-impact operations such as insert, update, delete, email/SMS sending, and approval actions, but no artifact shows enforced confirmations, allowlists, or read-only defaults.
SERVICE_NAME=$1 ... JSON_PARAMS=${2:-"{}"} ... REQUEST_BODY=$(echo "$JSON_PARAMS" | jq --arg svc "$SERVICE_NAME" '.serviceName = $svc') ... curl -s -X POST "$API_DOMAIN/openApi/common"Restrict the default workflow to read-only calls, require explicit user confirmation for mutations/messages/approvals/deletes, add service and object allowlists, and provide dry-run or rollback guidance.
The skill may run local shell scripts and make CloudCC network requests; missing or inconsistent metadata makes it harder for users to assess exactly what will be needed.
The package declares broad local execution and file capabilities, while the registry summary says there is no install spec and no required binaries. The shell scripts also depend on curl and jq, so users should verify the runtime environment and provenance.
"capabilities": ["http_request", "file_read", "file_write", "exec"], "permissions": ["network:cloudcc.cn", "network:developer.apis.cloudcc.cn"]
Publish consistent metadata, declare required binaries such as curl and jq, align registry/package/SKILL versions, and provide a clear source repository.
Local users or tools with access to the skill directory could see recent CloudCC API activity and object names.
The skill intentionally keeps local API activity logs for several days. The shown log fields are mostly metadata, but object names and service names can still reveal business activity.
所有 API 调用自动记录到 `logs/api-calls.log`,保留最近 3 天
Review log contents and permissions, disable or shorten logging if sensitive, and avoid logging payloads or credentials.