ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Beautsgo Booking

v1.0.1

韩国/首尔美容医美预约助手,内置 900+ 家皮肤科/整形医院数据库(BeautsGO 平台)。支持:①按医院名或项目类型(激光/注射/整形)查询预约流程;②直接调用接口提交预约(收集人数/时间/联系方式后 POST,无需浏览器);③打开医院详情页/价格表/在线客服;④中/英/日/泰四语言。触发场景:询问韩国美容...

0· 75·0 current·0 all-time
by@beautsgo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (BeautsGO booking) align with the code: it matches hospitals.json, renders booking guides, opens BeautsGO pages, and posts booking requests. One oddity: the booking POST target is api.yestokr.com rather than a beautsgo.com API; SKILL.md claims that URL is the BeautsGO appointment API but the different hostname is worth confirming with the author.
Instruction Scope
SKILL.md and api/skill.js limit behaviour to: render booking guides, open only i.beautsgo.com URLs (open-url enforces a whitelist), and POST booking payloads to the declared API. The skill collects phone/contact info from users and will send it to the API when the user follows the '帮我预约' flow. That is within the stated purpose but relies on the agent asking for and obtaining explicit user consent before sending PII — verify that the runtime will prompt/require confirmation before any POST.
Install Mechanism
No install spec is included (instruction-only), but code and package.json are present and SKILL.md says 'npm install' and requires node>=16 and pinyin-pro. There are no downloads from untrusted URLs and dependencies come from npm (package-lock provided). This is coherent but note: the platform or user must install Node and npm packages for the code to run.
Credentials
The skill requests no environment variables, no external credentials, and reads only its bundled data files (data/hospitals.json, i18n, templates). That matches its function and is proportionate to the stated purpose.
Persistence & Privilege
Skill flags show always:false and normal invocation. The skill does not request elevated platform privileges or persistent system-wide changes. Bundled scripts exist (e.g., sync-to-openclaw.sh) but there is no automatic install step that runs them; review before executing locally.
Scan Findings in Context
[unicode-control-chars] unexpected: The SKILL.md contained unicode control characters flagged by the scanner. Such characters can be used in prompt‑injection or to hide text; this is not expected for a booking guide and should be removed or explained by the author.
What to consider before installing
What to consider before installing/use: - Confirm the booking API: the code posts user phone/contact info to https://api.yestokr.com/api/Appointment/saveFromSkill. Ask the author to confirm that this endpoint is the official BeautsGO booking API (domain mismatch with beautsgo.com is notable). Do not provide real phone numbers until you trust the endpoint. - Consent & confirmation: ensure the agent will explicitly ask for and record user consent before sending any personal contact info. The skill is designed to send PII (phone numbers) as part of booking — that is necessary for the feature but requires clear consent. - Prompt‑injection artefact: SKILL.md contained unicode control characters (a prompt‑injection signal). This could hide instructions or manipulate the agent. Request a cleaned SKILL.md or inspect the file to remove hidden characters. - Review bundled scripts before running locally: repository includes scripts (sync-to-openclaw.sh, import scripts). None are auto-run by the platform, but if you run npm scripts locally, inspect them first. - Dependency & runtime: the skill expects Node.js (>=16) and npm packages (pinyin-pro). If you run it locally, run npm install only after reviewing package.json/package-lock and ensure you trust the npm packages. - Test safely: try queries that do not include real contact info to exercise 'view' and 'open' flows. Only test the booking POST with a disposable phone number after you confirm the endpoint's legitimacy and get user consent. If you want, I can: - List the exact places in api/skill.js where POST is invoked so you can verify call/consent flow, or - Produce a cleaned version of SKILL.md with nonprintable characters removed for manual review.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fj1t5a0g2rm30s7av01se8n83zm3s

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments