ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Logistics Manager

v1.0.0

物流管理技能,提供提单生成、报关单据生成、物流跟踪等功能。支持 OKKI 客户数据同步和自动化文档处理。

0· 46·0 current·0 all-time
byJaden's built a claw@cjboy007
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
Name/description promise logistics functions and OKKI sync. The code implements those features, but the OKKI integration relies on hard-coded absolute paths under /Users/wilson/.openclaw/... and on calling external Python scripts/CLI present on the host. Those host-specific filesystem dependencies and subprocess calls are not documented in SKILL.md and are disproportionate to a simple 'logistics manager' description.
!
Instruction Scope
SKILL.md shows running Node.js server/CLI and setting LOGISTICS_API_URL only. It does not mention the need for Python, an OKKI CLI, or that the code will exec local Python scripts, write temporary Python files to /tmp, or read/write data and document directories. The runtime instructions therefore understate the actual scope and grant the skill broad discretion over local files and subprocesses.
Install Mechanism
There is no install spec (instruction-only), so nothing is downloaded at install time — that reduces supply-chain risk. However the packaged code will call 'python3' subprocesses and expects other local code (OKKI CLI/client) at absolute paths. Lack of an install step means those external dependencies are implicit and can fail or cause unexpected behavior on the host.
!
Credentials
SKILL.md declares only LOGISTICS_API_URL, but the code invokes subprocesses with env: {...process.env,...} so any environment variables (including secrets) are inherited by child Python processes. The skill does not declare or justify access to credentials or the host filesystem paths it references. That is disproportionate and increases risk of accidental exposure of environment secrets.
!
Persistence & Privilege
always:false (good), but the skill can be invoked autonomously (platform default) and its code executes arbitrary local subprocesses, writes temp scripts to /tmp, and reads/writes host files. Autonomous invocation combined with the above behaviors widens the blast radius; this capability should be considered before enabling autonomous runs.
Scan Findings in Context
[child_process_execFile] unexpected: okki_sync_controller uses execFile('python3', ...) to run external Python scripts/CLI. Running a CLI to sync to OKKI is plausible, but the code both executes arbitrary local Python scripts and constructs temporary scripts dynamically, which is not declared in SKILL.md.
[write_temp_python_script] unexpected: The controller writes a temporary Python script to /tmp and then executes it. Creating and executing temp scripts increases risk (injection risks, leaking environment variables to subprocess).
[hard_coded_absolute_paths] unexpected: Config contains hard-coded paths under /Users/wilson/.openclaw/workspace/... (okkiCliPath, okkiClientPath, logisticsModulePath). These are host-specific and suggest the skill depends on external developer-local files that will not exist on a generic host.
[inherits_process_env] unexpected: Subprocess invocations pass an env object derived from process.env, which means child processes inherit all environment variables (potentially secrets). SKILL.md does not warn about this.
[unsafe_string_interpolation] unexpected: The temp Python script interpolates companyId and content directly into source text (companyId is not quoted), which appears to be a bug and can lead to syntax errors or code-injection-like behavior if inputs are malicious or unexpected.
What to consider before installing
This skill implements useful logistics features but includes code that will: (1) execute Python subprocesses and external OKKI CLIs, (2) write temporary Python scripts to /tmp and execute them, (3) reference hard-coded, user-specific filesystem paths, and (4) inherit the entire process environment into child processes. These behaviors are not documented in SKILL.md and can expose environment secrets or run unexpected local code. Before installing: - Inspect and remove or change hard-coded paths (okkiCliPath, okkiClientPath, logisticsModulePath) to safe, configurable locations. - Ensure you have a trusted OKKI client and understand what credentials it needs; do not run this skill with high-privileged environment variables present. - Run the skill in an isolated environment (container or VM) first. - Fix the temp-Python-string interpolation bug (quote companyId and sanitize inputs). - If you do not use OKKI, consider disabling or removing okki_sync_controller/OKKI calls. - Prefer explicit declarations of required environment variables and limit child-process env to a minimal whitelist. If you are not comfortable auditing or sandboxing this code, avoid enabling autonomous invocation or installing it on production machines.
api/controllers/okki_sync_controller.js:41
Shell command execution detected (child_process).
test/e2e_test.js:75
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk9720rskewht21q9jc6t698b8d83p2fe

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments