Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Approval Engine

v1.0.0

Approval workflow engine + exception handling system: rule-driven multi-level approvals, exception detection, automatic recovery strategies and Discord notification integration

by Jaden's built a claw (@cjboy007)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code and SKILL.md implement a rule-driven approval engine with exception detection, recovery strategies and Discord integration — which matches the name/description. However the registry metadata claims no required environment variables while the SKILL.md and code clearly expect Discord credentials and optional data-dir/env paths; that mismatch is unexpected and should be corrected.
Instruction Scope
Runtime instructions are focused on creating approvals, running detectors, recovery, and sending Discord notifications. The SKILL.md tells the agent to load modules from the skill root, read config/approval-rules.json and run cron/test scripts. These actions are coherent with the stated purpose and the code's behavior; I saw no instructions to read unrelated system files or exfiltrate data to unknown endpoints beyond Discord.
Install Mechanism
No install spec is provided (instruction-only), and the included source files are standard JS modules using built-in Node APIs (fs, https). There are no external download URLs or unusual installers. Risk from installation mechanism is low.
Credentials
SKILL.md and the code expect Discord-related environment variables (DISCORD_BOT_TOKEN and several DISCORD_*_CHANNEL IDs) and optionally APP/DATA root overrides, but the skill registry declares no required env vars, an inconsistency. The requested envs (Discord token and channel IDs) are reasonable for a Discord-integrated notifier, but they are sensitive credentials and should be explicitly declared in metadata so users know what to provide and protect.
Persistence & Privilege
The skill writes to local data/ and logs/ directories (approvals.json, approval.log, exceptions.json) and persists approvals to JSON — behavior consistent with an approval engine. It does not request always: true and does not modify other skills' configuration. This level of persistence is expected but you should be aware of the local files it creates.
What to consider before installing
This skill mostly does what it says (approval workflows, exception detection, Discord notifications), but before installing:
- Expect to provide a Discord bot token (DISCORD_BOT_TOKEN) and channel IDs (DISCORD_APPROVALS_CHANNEL, DISCORD_ALERTS_CHANNEL, DISCORD_EXCEPTIONS_CHANNEL, DISCORD_RECOVERY_CHANNEL). The registry metadata currently does not list these; treat that as a documentation gap.
- Keep the Discord bot token secret and grant the bot only the permissions it needs to post messages and handle interactions.
- The skill writes persistent files under the skill root (data/approvals.json, logs/approval.log, logs/exceptions.json). Run it in a directory where you control file access and rotation.
- Because the skill sends requests to discord.com, confirm your environment allows outbound HTTPS and that you trust posting these messages to those channels.
- Review the omitted/truncated source files (not provided here) for any additional network endpoints or unexpected behavior before running in production.
- Test in a staging or sandbox environment first (the skill includes test/smoke-test.sh).
The main actionable concern is the metadata/manifest inconsistency around required environment variables; that should be fixed or clarified before trusting a deployment.
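The checks recommended above (which environment variables the code actually reads versus what the manifest declares, which hosts it contacts, and whether the sources you were not shown do anything beyond posting to discord.com) can be made repeatable with a small static pass over the skill's sources. The script below is an added example written for this page, not code from the skill or from ClawHub/OpenClaw; the manifest field name `env`, the file paths and the sample sources it scans are assumptions constructed for the example. Run it over the real unpacked skill by replacing the sample map with the files read from disk.

```javascript
// Added example, not the skill's code: first-pass static triage of a Node skill's sources.
// It reports (1) process.env names the code reads that the manifest does not declare,
// (2) hosts contacted (literal URLs or an https/http `hostname:` option) and which of them
// are outside an allow-list, (3) dynamic code execution, and (4) files that both read the
// filesystem and send over the network. The manifest field name `env`, the file layout and
// the sample sources below are assumptions constructed for this example.
'use strict';

const ENV_RE = /process\.env(?:\.([A-Za-z_]\w*)|\[\s*['"]([A-Za-z_]\w*)['"]\s*\])/g;
const URL_RE = /https?:\/\/([A-Za-z0-9.-]+)/g;
const HOST_OPT_RE = /\bhostname\s*:\s*['"]([A-Za-z0-9.-]+)['"]/g;
const DYN_RE = /\beval\s*\(|\bnew\s+Function\s*\(|\bvm\.(?:runIn\w+|Script)\b/;
const FS_READ_RE = /\b(?:readFileSync|readFile|createReadStream)\s*\(/;
const NET_SEND_RE = /\b(?:https?\.(?:request|get)|fetch|axios(?:\.\w+)?)\s*\(/;

// Scan one file line by line so every finding carries a file:line location.
function scanFile(path, source) {
  const out = { env: [], hosts: [], dynamic: [], readsFs: false, sendsNet: false };
  source.split('\n').forEach((line, i) => {
    const where = `${path}:${i + 1}`;
    for (const m of line.matchAll(ENV_RE)) out.env.push({ name: m[1] || m[2], where });
    for (const m of line.matchAll(URL_RE)) out.hosts.push({ host: m[1], where });
    for (const m of line.matchAll(HOST_OPT_RE)) out.hosts.push({ host: m[1], where });
    if (DYN_RE.test(line)) out.dynamic.push(where);
    if (FS_READ_RE.test(line)) out.readsFs = true;
    if (NET_SEND_RE.test(line)) out.sendsNet = true;
  });
  return out;
}

function push(map, key, value) {
  if (!map[key]) map[key] = [];
  map[key].push(value);
}

// manifest: parsed registry metadata; files: { path: sourceText }; allowedHosts: endpoints you expect.
function auditSkill(manifest, files, allowedHosts) {
  const declared = new Set(manifest.env || []);
  const allowed = new Set(allowedHosts);
  const report = { undeclaredEnv: {}, hosts: {}, unexpectedHosts: [], dynamicExec: [], readThenSend: [] };
  for (const [path, source] of Object.entries(files)) {
    const f = scanFile(path, source);
    for (const { name, where } of f.env) if (!declared.has(name)) push(report.undeclaredEnv, name, where);
    for (const { host, where } of f.hosts) {
      push(report.hosts, host, where);
      if (!allowed.has(host)) report.unexpectedHosts.push({ host, where });
    }
    report.dynamicExec.push(...f.dynamic);
    if (f.readsFs && f.sendsNet) report.readThenSend.push(path);
  }
  return report;
}

// Constructed sample: a manifest that declares no env vars and three small source files.
const SAMPLE_MANIFEST = { name: 'approval-engine', version: '1.0.0', env: [] };
const SAMPLE_FILES = {
  'src/discord-notify.js': [
    "const https = require('https');",
    "const token = process.env.DISCORD_BOT_TOKEN;",
    "const channel = process.env['DISCORD_ALERTS_CHANNEL'];",
    "https.request({ hostname: 'discord.com', path: '/api/channels/' + channel + '/messages', method: 'POST' });",
  ].join('\n'),
  'src/retry-handler.js': [
    "const fs = require('fs');",
    "const pending = JSON.parse(fs.readFileSync('data/approvals.json', 'utf8'));",
    "fetch('https://discord.com/api/webhooks/example', { method: 'POST', body: JSON.stringify(pending) });",
  ].join('\n'),
  'src/rule-evaluator.js': "function compile(rule) { return new Function('ctx', 'return ' + rule.when); }",
};

function runSample() {
  return auditSkill(SAMPLE_MANIFEST, SAMPLE_FILES, ['discord.com']);
}

console.log(JSON.stringify(runSample(), null, 2));
```

On the constructed sample the report lists DISCORD_BOT_TOKEN and DISCORD_ALERTS_CHANNEL as undeclared, discord.com as the only host (and nothing unexpected once it is allow-listed), one dynamic-execution site in rule-evaluator.js, and retry-handler.js as a file that reads from disk and sends over the network. Regex matching is a triage aid, not proof: it misses indirection (a host assembled from pieces, `process.env` aliased to another name) and produces false positives, so treat its output as a list of places to read by hand.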
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
- src/rule-evaluator.js:236: Dynamic code execution detected.
- src/escalation-handler.js:224: Environment variable access combined with network send.
- src/escalation-handler.js:39: File read combined with network send (possible exfiltration).
- src/retry-handler.js:34: File read combined with network send (possible exfiltration).
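The "Dynamic code execution detected" finding in src/rule-evaluator.js matters more than the other patterns because the rules this engine evaluates come from config/approval-rules.json. The page does not show the flagged code, so the snippet below is an added, hypothetical illustration, not the skill's code: a rule evaluator that compiles the rule's condition string with `new Function` (the pattern such a finding usually points at), beside a data-driven evaluator whose only behaviour is a fixed operator set. The rule shape, field names and operator names are assumptions made for the example.

```javascript
// Added example, hypothetical: the flagged code in src/rule-evaluator.js is not on the page.
// Unsafe: the condition is JavaScript source taken from the rules file and compiled with
// `new Function`, which runs with access to Node globals such as `process`. Whoever can
// write config/approval-rules.json then runs arbitrary code inside the engine.
// Hardened: the condition is data, and only the operators in OPS exist.
'use strict';

function evaluateRuleUnsafe(rule, ctx) {
  return Boolean(new Function('ctx', 'return (' + rule.when + ');')(ctx));
}

// Looks like a payment threshold, but also copies the names of every env var into ctx
// (a real attacker would send values, not names; this keeps the example harmless).
const MALICIOUS_RULE = {
  id: 'large-payment',
  when: 'ctx.amount > 1000 && (ctx.leaked = Object.keys(process.env), true)',
};

// Hardened form: a closed set of operators, each guarding its operand types.
const OPS = {
  eq: (a, b) => a === b,
  gt: (a, b) => typeof a === 'number' && a > b,
  lt: (a, b) => typeof a === 'number' && a < b,
  in: (a, b) => Array.isArray(b) && b.includes(a),
};

function evaluateCondition(cond, ctx) {
  if (cond && Array.isArray(cond.all)) return cond.all.every((c) => evaluateCondition(c, ctx));
  if (cond && Array.isArray(cond.any)) return cond.any.some((c) => evaluateCondition(c, ctx));
  // Reject anything that is not a known operator (this also blocks 'constructor', '__proto__', ...).
  if (!cond || typeof cond.field !== 'string' || !Object.prototype.hasOwnProperty.call(OPS, cond.op)) {
    throw new Error('invalid condition: ' + JSON.stringify(cond));
  }
  // Only own properties of the context are visible to rules; no prototype walking.
  if (!Object.prototype.hasOwnProperty.call(ctx, cond.field)) return false;
  return OPS[cond.op](ctx[cond.field], cond.value);
}

function evaluateRuleSafe(rule, ctx) {
  return evaluateCondition(rule.when, ctx);
}

const SAFE_RULE = {
  id: 'large-payment',
  when: {
    all: [
      { field: 'amount', op: 'gt', value: 1000 },
      { field: 'currency', op: 'in', value: ['USD', 'EUR'] },
    ],
  },
};

// Run both evaluators on the same constructed approval context and compare side effects.
function demo() {
  const unsafeCtx = { amount: 5000, currency: 'USD' };
  const safeCtx = { amount: 5000, currency: 'USD' };
  return {
    unsafeResult: evaluateRuleUnsafe(MALICIOUS_RULE, unsafeCtx),
    envNamesLeaked: Array.isArray(unsafeCtx.leaked),
    safeResult: evaluateRuleSafe(SAFE_RULE, safeCtx),
    safeCtxUntouched: !('leaked' in safeCtx),
  };
}

console.log(demo());
```

Both rules say "approve amounts over 1000", and both return true for the sample context, but only the compiled one has smuggled data out of the process on the way. If the skill's evaluator really compiles rule strings, anyone who can edit the rules file (or the data/ directory the engine trusts) runs code under the engine's identity, with DISCORD_BOT_TOKEN in its environment; the data-driven form limits a rules file to the operators you chose to expose, and an unknown operator is an error rather than a capability.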

latest: vk97akb19t7dh666qmbftm1npw183psnb
