ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

1Panel API Skills

v1.0.0

1Panel 开源面板 API Skill。提供网站管理、容器管理、数据库管理、文件管理等 23+ 个模块的完整 API 接口文档。

0· 87·0 current·0 all-time
by@breadbot86
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (1Panel API docs) match the provided content: extensive per-module API documentation for websites, containers, databases, files, backups, etc. Nothing in the package requires unrelated capabilities (no unexpected cloud credentials, binaries, or installs).
Instruction Scope
SKILL.md and the docs contain curl examples and a token-generation snippet (openssl + date) and list server file paths (e.g., /opt/1panel/...). These are typical for an API docs skill. The instructions do not direct reading unrelated local files or exfiltrating data, but do include shell examples that an agent might execute if invoked — exercise caution before running those commands.
Install Mechanism
No install spec and no code files — instruction-only. Nothing will be downloaded or written to disk by default, which minimizes install-time risk.
Credentials
The skill does not declare required env vars or credentials in the registry metadata. Runtime usage expects the user's 1Panel address and an API key (provided interactively or in requests), which is proportionate to the documented functionality. There are no unexpected credential requests.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request elevated or persistent platform privileges. Nothing indicates it would modify other skills or system-wide agent settings.
Assessment
This skill is a documentation bundle for the 1Panel management API and appears coherent. Before using it: (1) only provide your 1Panel API key and panel address to trusted skills/agents; prefer a limited-scope API key (if 1Panel supports it) for automation; (2) be careful executing the provided shell examples (openssl, curl) — they will run on the host/environment if an agent executes them; (3) the API covers destructive actions (delete containers, backups, databases, etc.), so review and restrict which endpoints you allow the agent to call; (4) if you want persistent configuration, store the API key in a secure place (secret manager) rather than pasting it into chat. Overall the package is consistent with its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk971f58ht4ktybqac2pznf4aes83xde2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments