Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

goods-search-v2

v2.0.0

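When the user's query involves shopping needs such as product search, result recall, search Q&A, or product card generation, always use this Skill first; do not try to answer directly. Trigger words: search, find, look up, help me find, see if there is, recommend, filter; product, product card, product list, candidate products, SKU, design, model, brand, price; what is it suitable for, is there any, what budget, as a gift, for personal use, commuting, material, style, purpose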

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md and bundled Python client implement a shopping search integration (chat/search) against a Viking/Volcengine AISearch endpoint, which aligns with the skill name/purpose. However, the skill metadata claims no required environment variables or credentials while the code enforces VIKING_AISEARCH_API_BASE and VIKING_AISEARCH_API_KEY (and uses VIKING_AISEARCH_APPLICATION_ID). That mismatch (metadata vs. actual runtime requirements) is incoherent and could mislead users about what secrets will be needed.
Instruction Scope
Runtime instructions direct the agent to call chat and search APIs and to run scripts/viking_aisearch.py (examples included). The SKILL.md itself does not ask the agent to read arbitrary system files, but the included client code will load a local .env (scripts/.env) and environment variables and will send text and image data (including Data URI images) to the external AISearch endpoints. The instructions permit sending user images and contextual info (e.g., location) to the remote service — users should understand that queries and images may leave the local environment.
Install Mechanism
There is no external install spec or remote download; the package is instruction/code-only and only requires the 'requests' dependency listed in requirements.txt. No remote archives or obscure installers are used. This is low installation-risk, but note code files will be present on disk and can be executed.
Credentials
The Python client requires VIKING_AISEARCH_API_BASE, VIKING_AISEARCH_API_KEY and an application ID at runtime and will raise an error if base_url or api_key are missing. Yet the skill metadata declared no required env vars or primary credential. The package also ships a scripts/.env file that pre-populates base URL and application id; that means simply installing the skill could enable outbound calls to the listed AISearch host (though the API key in the included .env is empty). The discrepancy between declared and actual environment/credential needs is a proportionality and transparency concern.
Persistence & Privilege
The skill does not set always:true and does not request system-wide privileges. It will not autonomously persist configuration beyond reading/writing environment variables from a local .env when loading, which is limited to its own package directory. Autonomous invocation is allowed (platform default) but is not combined here with excessive privileges.
What to consider before installing
- The package contains a Python client that will call an external AISearch service (aisearch.cn-beijing.volces.com by default). To function you must provide an API key (VIKING_AISEARCH_API_KEY) and possibly override the base URL and application id. The skill metadata did NOT declare these required credentials — treat that as a red flag.
- The client auto-loads a local scripts/.env file if present. Review or remove that file if you do not want base URLs or IDs set by the packaged file to be used.
- The code will send user text, any provided image Data URIs (base64) and contextual fields (e.g., location) to the remote service. Do not allow it to process sensitive text or private images unless you trust the endpoint and the API key's access scope.
- If you decide to use it: supply a minimum-privilege API key (scoped/limited quota), confirm the endpoint is from a trusted vendor, and run the scripts in a controlled environment (network egress restrictions, logging review). Also update the skill metadata to declare required env vars so future reviewers are not misled.
- Because of the metadata/code mismatch, proceed cautiously; if you need a conclusive safety decision, ask the publisher to clarify why required credentials are not declared and for provenance/ownership of the endpoint.
