Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Customer Segmentation
v1.0.0
Automatically segment customers into five levels using OKKI CRM data, score them, sync tags safely, and provide lifecycle and value-based strategy recommenda...
by Jaden's built a claw (@cjboy007)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
High confidence
Purpose & Capability
The skill claims to integrate with OKKI CRM (expected), and its scripts implement collection, scoring, strategy generation, and tag sync (coherent). However, the code expects an external OKKI workspace and config file (defaults to ../../../xiaoman-okki/api/config.json and ../../../.env) and will read/write token caches there. The published metadata lists no required environment variables or credentials — that is inconsistent and misleading.
Instruction Scope
SKILL.md tells the agent to run local scripts, which is consistent, but the scripts themselves load env files outside the skill, resolve environment variables from an external .env, read OKKI config from another workspace, and write token cache and logs there. They also call OKKI APIs to create/replace tags. These file reads/writes and cross-workspace accesses are broader than the simple 'run scripts' instructions imply.
Install Mechanism
No install spec is present (instruction-only plus included scripts). No network downloads or package installs are performed by an install step, which reduces supply-chain risk. The runtime will execute shipped JS files with Node.js, so the main operational risk comes from the scripts' behavior rather than an installer.
Credentials
The skill requests no credentials in its metadata but the code expects OAuth client_id/client_secret and other OKKI configuration (read from OKKI config JSON and optional .env). It loads a .env file from ../../../.env into process.env if present and will write token cache into the external OKKI_WORKSPACE path — access to these secrets and files should have been declared and limited.
Persistence & Privilege
The skill does write persistent state: it writes data/*.json, logs, and — importantly — writes token cache files into an external OKKI_WORKSPACE api/token.cache. Writing into another workspace's config directory can modify credentials/state used by other tools and is a privilege beyond an isolated skill. The skill does not request 'always: true', but its ability to modify external files increases its blast radius.
What to consider before installing/running:
- The code expects OKKI CRM credentials and a config JSON in a path outside the skill (default ../../../xiaoman-okki/api/config.json) and will read a .env file at ../../../.env if present. The registry metadata does not declare these required credentials — assume the skill will look for and use local config files.
- The scripts will write persistent files (data/, logs/) inside the skill and will also write a token cache into the external OKKI_WORKSPACE path. If that external workspace is shared with other tools, this skill could overwrite or add tokens used elsewhere.
- Tag-sync performs remote writes to OKKI (but defaults to dry-run). Actual writes require --confirm; still, token acquisition and API calls will occur when confirmed. Review and test in dry-run mode first.
- The scripts merge and replace customer tag arrays (cus_tag is written as a full list) — that behavior is explicit in the code, so if you want to preserve non-segmentation tags be cautious and inspect the merging logic and backups (script claims it creates backups to data/).
- Recommended actions before running:
  - Inspect the OKKI config file (client_id, client_secret, baseUrl) that the scripts will read and ensure it points to an appropriate test workspace.
  - Move or provide an isolated OKKI_WORKSPACE and .env for testing so the skill cannot read unrelated credentials from your machine.
  - Run only the dry-run modes (collector --dry-run, tag-sync without --confirm) first and review produced data in data/ and logs/.
  - Back up any real OKKI workspace api/token.cache and companyEnums before performing a confirmed run.
  - If you intend to use this skill, update the skill metadata or code to explicitly declare required env vars/paths (so users know what sensitive data is needed) or modify the paths to point inside the skill workspace.
Given the clear mismatch between declared requirements and what the code actually touches (external .env, external config and token cache), treat this skill as suspicious until you can confirm and isolate the configuration it will read/write.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
- scripts/strategy-output.js:260 — Shell command execution detected (child_process).
- scripts/customer-data-collector.js:21 — Environment variable access combined with network send.
- scripts/tag-sync.js:33 — Environment variable access combined with network send.
- scripts/customer-data-collector.js:26 — File read combined with network send (possible exfiltration).
- scripts/tag-sync.js:30 — File read combined with network send (possible exfiltration).
Version: latest (vk97dkvzmfcy5z9b7qc1agfj50583pegy)
