Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Alicloud Security Content Moderation Green

v1.0.3

Manage Alibaba Cloud Content Moderation (Green) via OpenAPI/SDK. Use whenever the user needs content moderation resource and policy operations, including lis...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
!
Purpose & Capability
The skill is for Alibaba Cloud Content Moderation (Green) and the included script and docs point at the official Alibaba API metadata endpoints — that matches the stated purpose. However, the registry metadata lists no required credentials or config paths while the SKILL.md explicitly requires Alibaba Cloud access keys and may perform create/update operations. The omission of those required credentials from the skill manifest is an inconsistency.
!
Instruction Scope
SKILL.md instructs the agent to call OpenAPI/SDK methods including List/Create/Update/Modify operations and to use credentials from environment variables or ~/.alibabacloud/credentials. The included script only fetches public API metadata, but the textual instructions authorize mutating cloud APIs and reading shared config (~/.alibabacloud/credentials). The manifest did not declare read access to that config path, so the runtime instructions allow broader scope than the declared skill footprint.
Install Mechanism
There is no install spec and only one small Python script which queries a public Alibaba API metadata URL. No downloads from unknown hosts or archive extraction are used. This is low-risk from an install perspective.
!
Credentials
SKILL.md requires ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, and optionally ALICLOUD_REGION_ID (and references ~/.alibabacloud/credentials). Yet the skill metadata declares no required environment variables or primary credential. Requesting cloud credentials for a skill that can perform mutating operations is reasonable — but the manifest should explicitly list and justify them. The current mismatch could cause a user to grant credentials without realizing the skill will use them for mutations.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide persistence or attempt to modify other skills' configuration. Autonomous invocation is allowed (platform default) but not combined with any additional privileged flags.
What to consider before installing
Before installing or running this skill:
(1) Ask the author/maintainer to update the skill metadata to explicitly declare required env vars (ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, optional ALICLOUD_REGION_ID) and any config path (~/.alibabacloud/credentials).
(2) Only provide least-privilege credentials (prefer read-only scope or a narrowly-scoped role) and test in a non-production account first.
(3) Understand that SKILL.md allows mutating APIs (Create/Update); if you only need inventory/read operations request a read-only version.
(4) Confirm whether the agent will run those mutating operations autonomously — if you want to prevent automatic changes, deny or rotate credentials or require explicit user approval for mutations.
(5) If you need higher assurance, request the author publish the code in a public repo and include a manifest declaring required envs and an explicit list of API calls the skill may make.
If the manifest is corrected to list only read-only credentials and the skill is limited to metadata fetching/listing, the incoherence would be resolved and my concern would be reduced.
