ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

qwencloud-usage

v0.2.0

[QwenCloud] Manage account auth and query usage/billing. Use for: login, logout, check usage, view billing, free tier quota, coding plan status, pay-as-you-g...

0· 19·0 current·0 all-time
by@cuixiaoyang123
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchasesRequires OAuth tokenRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (login, usage, billing) match the packaged code: device-flow auth, local credential store, usage queries, and formatting. The included gossamer update-check is related (not strictly required but plausibly part of a CLI UX).
Instruction Scope
SKILL.md instructs only to install requirements and run scripts for login/summary/breakdown which is in-scope. However the runtime code does more than call an API: it probes many local system identifiers, invokes system utilities (dmidecode, ifconfig/ipconfig, networksetup), writes files under ~/.qwencloud (and may attempt /etc paths), and will run a repo-local check_update.py via subprocess if a repo root is detected. Those actions are reasonably justified for an offline credential store and update-checker but are sensitive and should be understood before use.
Install Mechanism
No remote download/install spec in the registry; the SKILL.md asks the user to create a virtualenv and pip install -r requirements.txt (cryptography, keyring). No extract-from-URL or remote executables are included in the install spec, which reduces supply-chain risk compared with arbitrary downloads.
!
Credentials
The skill declares no required credentials, but the credential_store collects many hardware and platform identifiers (machine-id, DMI fields, MAC addresses, Windows registry MachineGuid, etc.) to derive an encryption key. This is privacy-sensitive; while it's a plausible design to protect stored tokens, it grants the code broad access to local system identifiers and spawns system utilities (dmidecode, ipconfig/ifconfig). The update-check code may run a local script (check_update.py) in a repo which effectively executes code from the user's repo environment.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It persists credentials and small state under ~/.qwencloud and may write a host_id to system locations if fallback is used; these are expected behaviours for a CLI auth tool and do not indicate privilege escalation. Running as root could allow writing to /etc, but the code handles write failures and falls back.
What to consider before installing
This skill is mostly coherent with its purpose (login + usage reporting) but it does perform sensitive local operations you should be comfortable with before installing. What to consider before installing: - Review the source files (credential_store.py, device_flow.py, gossamer.py). They are included in the package and implement the behavior described. - Credentials: the skill stores access/refresh tokens locally under ~/.qwencloud using an encryption key derived from hardware identifiers (machine-id, MAC, DMI fields) or a host_id file. This is intended to protect tokens, but it means the script reads low-level system identifiers. - System commands: the code runs system utilities (dmidecode, ifconfig/ipconfig, networksetup) and subprocesses. These calls are used for key derivation and update-checks but are execution points that could fail or behave unexpectedly on locked-down systems. - Update-check: on each run the tool will try to detect a repo root and may execute a local check_update.py script (via subprocess) if found. That means it can execute code that exists in your repository; avoid running this in untrusted repositories. - Permissions: don’t run the tool as root unless you have to; as root it could write to system locations like /etc/qwencloud-host-id. Recommended actions: - If you trust the publisher and need the convenience, run it in a restricted environment (non-root user, isolated VM or container) and inspect or pin the packaged code. - If you only need read-only usage queries, consider running the scripts interactively and inspect what files they create (look under ~/.qwencloud) before giving authorizations. - If you maintain a private repo, be aware the update-check feature can execute repo-local scripts; remove or audit check_update.py in your repo if you enable this skill there. If you want a lower-risk option, ask the skill author for a version that uses an explicit, user-provided passphrase for file encryption (instead of hardware-derived keys) and disables the automatic repo-local update script invocation.

Like a lobster shell, security has layers — review code before you run it.

latestvk977ezrmnczfrmjre9jxse76td850he6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments