Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ride-Hailing Assistant

v1.0.0

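Enterprise car service assistant supporting on-demand rides, scheduled rides, airport pick-up and drop-off, chartered cars and other ride scenarios, with vehicle type selection, fare estimation, order management and other features. Invoke when user needs to book a car, schedule a ride, airport transfer, or manage car service orders.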

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
!
Purpose & Capability
Name/description (enterprise ride‑hailing helper) matches the provided code's functionality (estimate_price, request_ride, schedule_ride, airport transfer, order management). However, SKILL.md explicitly states 'must call real platform API' and '禁止自行编造价格或车辆信息' ("do not fabricate prices or vehicle information yourself") while the included car_service_api.py uses randomized/simulated distance, duration and drivers (i.e., fabricates data). No environment variables, endpoints, or credentials are declared to integrate a real provider — this is an incoherence between stated requirements and actual implementation.
!
Instruction Scope
SKILL.md constrains the agent to call real external platform APIs for live pricing/availability, but the runtime instructions and shipped code do not provide connection details or credential handling. The instructions do not ask to read local secrets or system paths, but they do demand contacting external APIs; that is not supported by the code, leaving the implementation ambiguous and granting the agent leeway to decide how to satisfy the constraint (potentially risky). Also the SKILL.md was flagged for unicode control characters (possible prompt‑injection).
Install Mechanism
No install spec; the skill is instruction‑plus local Python scripts and only requires python3. Nothing is downloaded or installed from external URLs, and no archive extraction occurs. This is low install risk.
!
Credentials
Declared requirements list no environment variables or credentials, but the SKILL.md's 'must call real platform API' implies the need for API keys/credentials. The absence of declared env vars, primary credential, or config paths is inconsistent with the stated need to integrate an external ride‑hailing provider, raising questions about how real integrations would be configured and authorized.
Persistence & Privilege
The skill does not request always:true and does not declare changes to other skills or system configs. It appears to run only when invoked; no elevated persistence or cross‑skill config writes are present in the provided files.
Scan Findings in Context
[unicode-control-chars] unexpected: SKILL.md contains unicode control characters flagged as possible prompt‑injection. This is not expected for a ride‑hailing helper; it could be an attempt to influence rendering or evaluation. Recommend manual inspection and removal of invisible control characters.
What to consider before installing
This skill's goal (enterprise ride‑hailing) matches the included Python code, but there are important mismatches you should address before installing or using it:
- SKILL.md requires calling a real ride‑hailing platform API and forbids fabricating prices, but the shipped code currently simulates distances/prices and drivers using random values. Decide whether you accept simulated behavior or need a real provider integration.
- If you expect live integration, ask the author for the exact API endpoints, required environment variables (API keys, secrets), and how credentials should be provided. Right now no env vars or endpoints are declared — giving credentials later without knowing where they're used is risky.
- The SKILL.md contains unicode control characters (possible prompt‑injection). Inspect the SKILL.md for hidden characters and sanitize it.
- Review the Python files for any network calls before providing credentials. The current code appears local-only (no outbound HTTP calls), but if the author replaces or extends it to call external services, that change could exfiltrate data if not audited.

Actionable next steps: request from the publisher a clear integration design (endpoints, auth scheme), remove or explain the unicode control chars, and only supply credentials after verifying which code will use them and where network traffic will go.


latest: vk970m8qfvfrve8ez4akdhh8w1983z80b


Runtime requirements

🚗 Clawdis
Bins: python3
