Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
sjht-data-annotation
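v1.0.0
General-purpose data annotation and processing tool. Use this skill when the user mentions needing data annotation, having an annotation task, data processing, dataset generation, or viewing/editing annotations. Supports multiple data types such as images, video, and text; calls models for content understanding and annotation, generates structured annotation data, and provides a web interface for viewing and editing. Trigger phrases: 「标注」「annotation」「数据集」「label」「tag da...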
⭐ 0 · 115 · 0 current · 0 all-time
by @aowind
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description and included files (annotation API, viewer template, SKILL.md) align with a data-annotation tool. However some operational recommendations (symlinking into /root, chmod 755 /root) and nginx/systemd instructions are more intrusive than needed for a simple annotation viewer and are not justified by the core purpose.
Instruction Scope
SKILL.md instructs reading user-provided document paths and data directories (expected), but also instructs privileged system operations: changing /root permissions to 755, restarting nginx, and adding permissive CORS headers. The shipped API accepts a 'dir' query parameter for listing which is not constrained to the configured DATA_DIR (information disclosure risk), and the POST save endpoint lets callers specify an arbitrary results file path and will write to it (arbitrary file write). These behaviors permit listing and partial modification of files outside the intended data directory when proxied/exposed.
Install Mechanism
No install spec or external downloads — the skill is instruction-only plus bundled code. This lowers supply-chain risk; nothing is fetched from remote URLs during install.
Credentials
The skill declares no environment variables or credentials (appropriate), but README and SKILL.md examples show calling external model APIs with Authorization: Bearer <API_KEY>. The skill does not declare or manage those credentials; the agent/user will need to supply them. Lack of explicit guidance about where to store API keys is a minor omission but not necessarily malicious.
Persistence & Privilege
The skill's metadata does not request persistent or elevated privileges, but the runtime instructions encourage system-wide changes (modifying /root permissions, adding nginx location blocks, restarting nginx) that require root. This combination (code that can write arbitrary paths + guidance to make data available under /root and to restart system services) increases the blast radius if the API is exposed or misused.
What to consider before installing
What to consider before installing/using this skill:
- Functional fit: The skill matches a data-annotation workflow and includes a viewer and a small HTTP API. If you only need a local ad-hoc annotator, it is plausible to use.
- Security issues to fix or review before use:
  - Restrict the API to the intended data directory: modify scripts/annotation-api.py so both listing (dir param) and save (results_file) are validated to reside under the configured DATA_DIR (use realpath checks). Right now GET allows listing arbitrary dirs and POST can write to arbitrary paths.
  - Do NOT chmod /root to 755. Instead place annotation data under a dedicated directory you control (e.g., /var/lib/annotation or a user home subdirectory) and run the service under a dedicated unprivileged user.
  - Avoid exposing the API publicly. If you proxy via nginx, require authentication, limit allowed origins, and avoid setting Access-Control-Allow-Origin: * for the API. Consider binding to a unix socket or 127.0.0.1 only and restricting nginx to authenticated locations.
  - Sanitize inputs in the POST save path and ensure files are not overwritten unintentionally. Prefer appending JSONL within DATA_DIR and disallow absolute paths in client-supplied file parameters.
  - Run the API and viewer in an isolated environment (container or dedicated VM) to limit impact if abused.
- Operational cautions:
  - The SKILL.md suggests restarting nginx and modifying system config; perform these steps only if you understand the server and have backups. Prefer adding locations in an existing site config without changing root permissions.
  - The skill references external model APIs and examples that require API keys. Ensure you supply keys securely (environment variables, secret store) and do not embed them in client-side code.
- If you want to proceed safely: review and patch annotation-api.py to enforce DATA_DIR bounds for both listing and saving; change default DATA_DIR to a non-root path; remove or rework instructions that require changing /root permissions; and run behind authentication/firewall. If you cannot audit/patch the code, treat the skill as risky and avoid exposing the service to other users or the internet.

Like a lobster shell, security has layers — review code before you run it.
latest: vk979ev3emsr2jq4jgkc1ttmnmd83696d
