Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The README/SKILL.md describe a configurable enterprise WeChat archive service that expects tokens/config in config/wework_config.json, but the main service file embeds CORP_ID, CORP_SECRET, CALLBACK tokens and fixed callback URLs. Hardcoded enterprise credentials and an external callback domain (https://ai.hexync.com/...) are not justified by the stated purpose and conflict with the declared configuration flow.
Instruction Scope
SKILL.md instructs you to configure local config files, Cloudflare Tunnel, and to host callbacks on your own domain. The service file, however, defines internal routes and uses hardcoded tokens and external callback URLs; this mismatch means runtime behavior may not follow the documented deployment/configuration steps and could forward or relay data to an unexpected remote endpoint.
Install Mechanism
No download/install spec is present beyond standard Python dependencies (pip3 install flask pycryptodome requests). No remote archive fetches or opaque installers are included; installation risk is typical for a Python script package.
Credentials
Registry metadata declares no required env vars or credentials, yet the code contains embedded sensitive credentials (corp secret, tokens, AES keys) and a fixed external domain. The skill asks users to generate RSA keys and save private_key.pem, but the code does not appear to read the documented config file (instead using hardcoded values), which is disproportionate and suspicious.
Persistence & Privilege
Metadata shows no 'always: true' or other elevated persistence. The skill is user-invocable and can run as a service (start/stop scripts), which is expected for this type of integration; autonomous invocation default is not, by itself, a new concern here.
What to consider before installing
Do NOT install into a production environment yet. Review and verify the Python code before enabling: 1) The main service file hardcodes CORP_ID, CORP_SECRET, callback tokens, AES keys, and sets CALLBACK_URL/ARCHIVE_CALLBACK_URL to https://ai.hexync.com — confirm whether that domain is trusted and why it is hardcoded. 2) Ensure the service actually reads your config/wework_config.json (it should) and remove any hardcoded secrets; move secrets to a secure config or env vars. 3) Search the code for any HTTP requests or forwards to external domains and audit network egress. 4) Generate and store RSA private keys securely (do not print them to stdout) and confirm the code loads them from a secure path. 5) Run the service in an isolated test network, rotate any exposed credentials, and consider a code provenance check / contact the author to explain the discrepancies. If you cannot verify why the external URL and hardcoded secrets exist, treat the skill as unsafe for production.Like a lobster shell, security has layers — review code before you run it.
latestvk971m6zppcsjat5je9f1hx177n82bvcx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.