Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
NewAPI
v0.1.1
Assistant for newapi (new-api), an open-source unified AI gateway platform (https://github.com/QuantumNous/new-api). Use when the user asks about New API, ma...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description (New API management, tokens, config injection, exec with tokens) aligns with the included scripts. However, the registry metadata declares no required environment variables while the runtime scripts (env.js) require NEWAPI_BASE_URL, NEWAPI_ACCESS_TOKEN, and NEWAPI_USER_ID and will exit if they are missing. That mismatch (metadata vs actual requirements) is an incoherence the user should notice.
Instruction Scope
SKILL.md and docs instruct the agent to avoid exposing keys and not to read .env or clipboard contents, but env.js explicitly loads .env files (project root and skill dir) to populate credentials. The scripts will also read arbitrary config files for scan/apply operations and will atomically overwrite files in apply mode. exec-token runs arbitrary shell commands with a fetched secret substituted into the command — powerful and aligned with purpose, but it requires trust in the script's sanitization and in the target command not to leak the secret elsewhere.
Install Mechanism
There is no install spec and this is instruction-plus-script content (no network downloads at install time). That reduces supply-chain risk; the code is shipped in the skill bundle rather than fetched from an arbitrary URL.
Credentials
The scripts legitimately need three environment values (NEWAPI_BASE_URL, NEWAPI_ACCESS_TOKEN, NEWAPI_USER_ID) to call the New API, but the skill registry metadata lists none — this under-declaration is misleading. Also, env.js will look for a project-root .env (by walking up from process.cwd()) and load it if present, which means the scripts may read user project files and any secrets they contain. That level of file access is more than the metadata suggests and should be confirmed before installing.
Persistence & Privilege
The skill sets always:false and does not modify other skills or global agent settings. It can write to arbitrary files specified by the user (inject-key apply mode) and execute arbitrary shell commands (exec-token) — these are powerful but coherent with the stated purpose; they require user caution and explicit file/command targets.
What to consider before installing
Before installing or running this skill:
1) Be aware the scripts require NEWAPI_BASE_URL, NEWAPI_ACCESS_TOKEN, and NEWAPI_USER_ID even though the registry metadata doesn't list them — set those only in a secure environment.
2) env.js will load .env from your project root (it searches upward from the current working directory) and from the skill dir — remove or avoid sensitive secrets in project .env files you don't want read.
3) Review the scripts yourself: inject-key can overwrite files atomically and exec-token runs arbitrary shell commands with live secrets substituted; only run apply/exec on files/commands you trust.
4) The skill's sanitizers try to redact secrets but are heuristic — do not rely on them as an absolute guarantee.
5) If you expect the platform to enforce least privilege, ask the publisher to update metadata to declare required env vars explicitly and to document the .env file access behavior clearly before proceeding.
Patterns worth reviewing
scripts/copy-key.js:32
Shell command execution detected (child_process).
scripts/exec-token.js:65
Shell command execution detected (child_process).
scripts/inject-key.js:68
File read combined with network send (possible exfiltration).
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.