Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Aliyun Modelstudio Crawl And Skill
v1.0.0
Use when refreshing the Model Studio models crawl and regenerate derived summaries and `skills/ai/**` skills. Use when the models list or generated skills mu...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The name/description match the included Python scripts which parse a crawl and produce summaries and skill suggestions. However, SKILL.md lists Node.js/npx as a prerequisite while the skill metadata declares no required binaries; the SKILL.md command paths reference scripts under skills/ai/misc/... but the shipped files live at scripts/*.py. These mismatches mean the runtime layout the instructions expect may not match how the skill is installed or executed.
Instruction Scope
Instructions tell the agent to run an npx command that downloads and executes @just-every/crawl against https://help.aliyun.com and then run bundled Python scripts that read/write files. The crawling step contacts an external site (expected) but uses npx which will fetch and execute code from npm (arbitrary code execution). The SKILL.md also asks to save evidence including 'region/resource id/time range' which could encourage including environment-specific identifiers in outputs; while not secrets by name, this increases what gets written to disk and possibly shared.
Install Mechanism
There is no install spec (instruction-only), which reduces installer risk. However, the workflow relies on npx -y @just-every/crawl (transiently pulling an npm package and executing it). Relying on npx to run a remote package is a moderate install/execution risk unless the package and version are audited or pinned. The Python scripts are local and simple text processing (no external downloads).
Credentials
The skill declares no required environment variables or credentials, and the Python scripts do not read secrets or env vars. The only external access is network to the public help.aliyun.com site. Asking to record 'region/resource id/time range' in evidence is informational and not a request for secrets.
Persistence & Privilege
`always` is false and the skill does not request persistent or system-wide privileges. It writes outputs into an output/ subdirectory and generated skills under skills/ai/** per instructions — this is expected for a content-generation workflow and not an escalation of privilege.
What to consider before installing
This skill appears to do what it says (crawl the Aliyun Model Studio page and generate summaries and suggested skills), but review a few things before running it:
- Path mismatch: SKILL.md runs scripts at skills/ai/misc/.../scripts/*.py but the repository has scripts/refresh_*.py at top-level scripts/. Confirm the expected location or adjust commands to point to the included files; otherwise the workflow may fail or the scripts may compute wrong ROOT paths.
- npx risk: The workflow uses `npx -y @just-every/crawl` which transiently downloads and executes an npm package. npx executes arbitrary code from the npm registry; inspect the @just-every/crawl package source (and pin a specific version) or replace it with a known-safe fetch mechanism (curl/wget, or a locally vetted crawler) if you want to reduce risk.
- Run in a sandbox: Because the crawl step executes third-party code and the scripts write files, run this workflow in an isolated environment (container or VM) until you are comfortable with the behavior and outputs.
- Inspect outputs: The Python scripts write JSON/markdown under output/ and may include model IDs and URLs. Ensure you do not unintentionally publish sensitive identifiers. The instructions request recording region/resource IDs — avoid including secrets/credentials.
Given the inconsistencies and the use of npx, this is suspicious rather than clearly benign. If the maintainer can confirm the intended file layout and justify using the specific @just-every/crawl package (or provide a pinned, vetted alternative), the assessment could be upgraded.