Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Walter Info
v1.1.0获取全球五大洲主要城市天气预报与跨境电商热点资讯,并生成格式化Markdown文档和JSON数据文件。当用户需要查询天气、跨境电商资讯,或要求生成报告时触发。
⭐ 0· 99·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
high confidencePurpose & Capability
Name/description (weather + cross‑border news) align with the included scripts (fetch_weather.py, fetch_news.py, run.py, apply_llm_summaries.py). However multiple files use hardcoded absolute Windows paths (e.g. C:\Users\beyon\.openclaw\workspace-dapingxia\skills\walter-info) to read/write/delete files in a user's .openclaw workspace. Those hardcoded path operations are not necessary for the stated purpose and suggest the skill will access/modify files outside its own local copy if the path exists.
Instruction Scope
SKILL.md instructs running python scripts/run.py (or module scripts). That is consistent, but the code will: perform network requests to third‑party sites (ennews, cifnews, wttr.in), write JSON/Markdown outputs, remove llm_input files, and contains check_files.py and cleanup.py that list and delete files at the hardcoded skill_dir. The cleanup action (remove config.example.json) and arbitrary directory listing behavior extend beyond simple fetch/format tasks and could modify a user's workspace.
Install Mechanism
Instruction-only with no install spec and no remote downloads. No package install mechanism present — lowest install risk in that sense.
Credentials
No environment variables or credentials are requested (requires.env none), which is proportional. However network calls are performed and the code disables SSL certificate verification (ssl.SSLContext with check_hostname=False and verify_mode=ssl.CERT_NONE) in _retry_request, weakening transport security and increasing MITM risk. There are no declared secrets but the skill will cause data to be sent to external endpoints (news/weather sites and any LLM the agent uses for summaries).
Persistence & Privilege
The skill does not request always:true and is user-invocable only. Still, scripts are written to read and modify files in a fixed workspace path and to delete files (cleanup.py removes config.example.json; apply_llm_summaries.py deletes llm_input_*.json). That grants the skill effective write/delete ability over files in that path if it exists, which is a privilege beyond simply producing reports.
Scan Findings in Context
[unicode-control-chars] unexpected: The pre-scan detected unicode control characters in SKILL.md. This can be used to obfuscate content or attempt prompt‑injection; it is not needed for a weather/news report skill.
What to consider before installing
Before installing or running this skill, consider the following:
- Review and edit hardcoded paths: several scripts use a fixed Windows path (C:\Users\beyon\...\.openclaw\...). If that path exists on your machine the skill will read/write/delete files there. Change those paths to safe, relative locations before running, or run in an isolated/sandbox environment.
- Audit deletion behavior: cleanup.py will remove config.example.json in the hardcoded path; apply_llm_summaries.py deletes llm_input_*.json. Ensure those files are not needed or backed up.
- Network security risk: fetch_news.py's HTTP helper disables SSL certificate verification (ssl.CERT_NONE). That makes requests vulnerable to MITM attacks. Fix the code to verify TLS before use, or run with network restrictions.
- Data exfiltration surface: the skill fetches third‑party web content and writes outputs; it also expects the agent/LLM to read llm_input_*.json for summaries. This is expected for its purpose, but be mindful of what content will be sent to any LLM (the agent's model) — do not feed sensitive internal data.
- Prompt injection / obfuscation: SKILL.md contained unicode control characters (scanner flagged). Manually inspect SKILL.md and any created llm_input files for hidden characters or instructions before allowing the agent to use them with an LLM.
Recommended actions: run the skill only in a sandboxed environment (container or VM) until you remove/patch hardcoded paths and re-enable TLS verification; or ask the publisher to provide a version without absolute paths and with secure HTTP handling. If you lack ability to audit/modify the code, treat this skill as potentially risky and avoid installing it in a production or credentialed environment.Like a lobster shell, security has layers — review code before you run it.
latestvk979p0xwjh4c017ztz13tvnjhn84dyjs
License
MIT-0
Free to use, modify, and redistribute. No attribution required.