Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Halo blog management and article publishing

v1.0.0

Publishes Halo blog posts through the official API, with automatic conversion of Markdown to HTML rich text; posts can also be viewed and deleted.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (high confidence)

Purpose & Capability (flagged)
The name/description match the code (uses @halo-dev/api-client and axios to create, update, publish, list, delete posts). However the registry metadata lists no required environment variables or primary credential, while both SKILL.md and the code require HALO_TOKEN (and recommend HALO_URL). Metadata should declare HALO_TOKEN as a required credential.
Instruction Scope (flagged)
SKILL.md instructs the user to set HALO_URL and HALO_TOKEN and to run npm install and the CLI — that matches the code. But the code has a hardcoded default HALO_URL = 'https://yingdong.top'. If a user sets HALO_TOKEN but forgets to set HALO_URL, the token will be sent to that default host. SKILL.md does not warn about this risky default.
Install Mechanism
There is no automated install spec; installation is manual via npm install (documented in SKILL.md). Dependencies come from npm (package-lock.json). Resolved URLs in package-lock use a Tencent mirror over http which is unusual and could be a security concern (integrity fields exist, but http mirrors can be risky). No arbitrary remote archive/extract steps are present in the skill itself.
Credentials (flagged)
The skill legitimately requires a Halo Personal Access Token (HALO_TOKEN) and the blog URL (HALO_URL). Those are proportionate to the stated purpose — but they are not declared in the skill metadata. The hardcoded default HALO_URL pointing to a third-party domain means a user-supplied HALO_TOKEN could be accidentally sent to that domain, which is a high-risk mismatch between declared requirements and actual behavior.
Persistence & Privilege
The skill does not request persistent 'always' inclusion and does not modify other skills or system-wide settings. It runs as a CLI when invoked; normal autonomous invocation flags are default and not excessive here.
What to consider before installing
This skill appears to implement Halo publish/list/delete correctly, but do not install or run it until you verify a few things:
1) The package metadata should declare HALO_TOKEN (and optionally HALO_URL) as required. Treat HALO_TOKEN as a secret.
2) Edit halo.js (or ensure you set HALO_URL) so it does NOT default to 'https://yingdong.top'. That default will cause any HALO_TOKEN you export to be sent to that domain.
3) Install from a trusted registry (the package-lock uses an http Tencent mirror; prefer the official npm registry) and run npm audit.
4) Inspect the @halo-dev/api-client source/package (verify its integrity and that it points to the real Halo client).
5) When testing, use a limited-scope or throwaway token first.
If the author updates the metadata to declare the required env vars and removes or changes the unsafe default HALO_URL, this would reduce the main concerns.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
halo.js:17: Environment variable access combined with network send.


latest · vk97fs2bssrts3h2y44ezbzb7ed82t8ye

