Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
goods_search
v1.0.0当用户query涉及商品搜索、结果召回、搜索问答或商品卡片生成等购物需求时,务必优先使用本 Skill,不要试图直接回答。 触发词: 搜索、查找、搜一下、帮我找、看看有没有、推荐、筛选 商品、商品卡片、商品列表、候选商品、SKU、款式、型号、品牌、价格 适合什么、有没有、预算多少、送人、自用、通勤、材质、风格、用途
⭐ 0· 50·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
Name/description (商品搜索) align with the code and docs: the package implements chat/search calls to a search service (Viking AISearch). However the skill metadata declares no required environment variables or primary credential while the code clearly requires VIKING_AISEARCH_API_BASE, VIKING_AISEARCH_API_KEY, and related vars. Embedding those creds in scripts/.env is disproportionate to the manifest (and surprising to a user).
Instruction Scope
SKILL.md confines actions to calling chat/search APIs and organizing results, which is appropriate. But the runtime code automatically loads a .env file (scripts/.env) and environment variables even though SKILL.md and the manifest do not declare those secrets. The instructions do not call out use of an embedded credentials file, so runtime behavior (auto-loading credentials from disk) is out-of-band relative to the declared instructions.
Install Mechanism
There is no install spec (instruction-only), which is low risk in itself. However the package contains runnable Python code and a requirements.txt; executing the included code will make outbound HTTPS requests to the configured API. The included scripts/.env will be read by the code. No third-party download or obscure installers are present.
Credentials
The code legitimately needs an API base URL and API key to call AISearch, so environment credentials are reasonable. But the skill manifest declares no required env vars while the code expects several VIKING_AISEARCH_* variables. Worse, a complete credentials file (scripts/.env) with an API key and dataset/scene IDs is packaged in the skill. Including valid credentials in the repo is a security and disclosure concern and is not proportional to the manifest's empty env listing.
Persistence & Privilege
The skill does not request always:true and does not ask to modify other skills or system settings. It will run network calls if invoked but has no elevated persistent privileges declared.
Scan Findings in Context
[credential-in-repo] unexpected: scripts/.env contains VIKING_AISEARCH_API_KEY and other VIKING_AISEARCH_* values. Packaging a service API key in the skill archive is unexpected and not justified by the manifest's lack of declared env vars.
[network-call-requests] expected: The code uses the 'requests' library to call external AISearch endpoints, which is expected for a search integration.
[dotenv-load] unexpected: The code automatically loads a .env file from the package (scripts/.env). Auto-loading an embedded .env with secrets is risky and not documented in SKILL.md's declared requirements.
What to consider before installing
This skill implements product search as described, but it ships with a scripts/.env file containing what appears to be a real API base URL, API key, and dataset/scene IDs. That is a red flag: the package exposes credentials and will use them automatically at runtime even though the skill metadata lists no required env vars. Before installing or enabling this skill you should: 1) Do not run the code as-is — remove or rotate any embedded API keys first; treat the included key as compromised. 2) Ask the publisher why credentials are bundled and request a version that requires you to supply your own API key via documented environment variables. 3) Inspect the code (already done here) to verify network endpoints and expected behavior; if you must run it, run in an isolated environment and monitor outbound traffic. 4) If these credentials belong to your organization, rotate them immediately. 5) Consider disabling autonomous invocation for this skill until you are confident of its configuration and provenance.Like a lobster shell, security has layers — review code before you run it.
latestvk97b522mz3gyj5m2yn12v767q584dsg4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.