Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

DNFM Weekly Dungeon Progress Tracker

v1.1.0

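DNFM weekly dungeon progress tracker. Used to query/update progress for the New Transcendence dungeon, Old Transcendence dungeon, weekly dungeon, Thunder Dragon, and group raid. Supports refresh logic such as the automatic Friday reset of the New Transcendence dungeon. Supports custom totals and enabling/disabling dungeons. Automatically reads and writes data at /root/.openclaw/workspace/dnfm-tracker/progress.json.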

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the implementation. The code implements querying/updating weekly progress for the listed events and implements refresh/reset logic as described. Required capabilities (read/write to progress/config JSON) are appropriate for the stated purpose.
Instruction Scope
SKILL.md commands map directly to functions in scripts/tracker.py. Instructions only direct the agent/user to run the tracker script and interact with local JSON files; they do not instruct reading unrelated files, accessing environment secrets, or contacting external endpoints.
Install Mechanism
No install spec or network downloads; this is an instruction-only skill with a bundled script. Nothing is fetched from external URLs and no packages are installed by the skill.
Credentials
The skill requests no environment variables or credentials. It only uses two hard-coded file paths under /root/.openclaw/workspace/dnfm-tracker for progress and config, which is proportional to a local tracker storing state.
Persistence & Privilege
The script persistently reads/writes files at /root/.openclaw/workspace/dnfm-tracker/*.json in the agent workspace. This is expected for stateful tracking. Note: paths are absolute and under /root, so ensure the runtime has appropriate (non-elevated) permissions and that the path is intended.
Assessment
This skill appears to be what it claims: a local progress tracker that reads and writes /root/.openclaw/workspace/dnfm-tracker/progress.json and config.json. Before installing, consider: 1) do you trust the source code? (it will write files in the agent workspace); 2) confirm the runtime has write permission to the stated path or adjust the path if you don't run as root; 3) back up any existing progress.json/config.json under that path to avoid accidental overwrite; 4) if you want extra assurance, review the included scripts/tracker.py (no network calls or secret access are present). If any of these points are unacceptable, don't install or run the script until adjusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk9758whkprf94wtqwrwv9asr3d81gjka
