Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Secondme Dev Assistant
v2.1.0
Use when user wants to develop on the SecondMe platform (second.me, develop.second.me). Triggers: building SecondMe third-party apps (第三方应用/外部应用), SecondMe O...
⭐ 0 · 77 · 1 current · 1 all-time
by Mindverse (@daihaochen-mv)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The declared purpose (developer assistant for SecondMe) aligns with most instructions: creating apps, managing credentials, MCP/integration guidance, scanning repos, and calling SecondMe APIs. However, the skill's metadata declares no required binaries or install steps while the instructions expect and use tools (npx, python3, openssl, shell utilities) and network access — that mismatch is unexplained in the registry metadata and is surprising.
Instruction Scope
Runtime instructions include: reading and writing files under ~/.secondme (client_secret, dev_credentials, analytics), scanning repository files (including env or auth files), creating references/api-reference.md by fetching remote docs, and an early pre-flight update check that runs npx. They also instruct automatically creating apps via platform APIs and saving returned client secrets to disk. These behaviors go beyond pure conversational help and involve local file I/O, secret persistence, and optional network fetches; the skill claims some safeguards (e.g., 'never print raw secret') but also indicates it will save secrets without the user manually doing so. The skill will prompt for telemetry and may write telemetry state and a stable device id locally.
Install Mechanism
The skill has no declared install spec, but the pre-flight check runs 'npx skills check' and may run 'npx skills update mindverse/second-me-skills -y' which can download and execute code from the network at runtime. That effectively implements an implicit install/update mechanism outside the registry install metadata. Running npx to fetch/update packages is higher-risk than an instruction-only skill and should be explicitly declared; the code also assumes availability of npx and will call it without listing it as a required binary.
Credentials
The skill declares no required environment variables, which is reasonable for a generic dev assistant, but its instructions read/write local credential files (~/.secondme/client_secret and ~/.secondme/dev_credentials), scan repo files (including env and auth files), and recommend persisting OAuth client secrets and tokens. Reading repository env or auth files can expose unrelated secrets. The telemetry flow writes analytics locally and can create a stable device id; while telemetry is local-first per the docs, the presence of any telemetry and the stable device id should be considered sensitive. The skill accesses/creates secrets but the registry did not list these persistence/config paths in 'required config paths', creating an incoherence.
Persistence & Privilege
The skill does not request 'always: true' and cannot force-enable itself globally, which is good. However, it does request persistent local state by creating ~/.secondme files (config, client_secret, dev_credentials, analytics, .device-id) and may create/modify repository files (references/api-reference.md). Persisting client secrets and tokens to disk is within the expected behavior of a developer assistant, but users should understand exactly which files are written and that the file permissions are only recommended (the skill suggests chmod-like permissions but will write the files regardless).
What to consider before installing
Things to consider before installing or enabling this skill:
- It will read and write files under your home directory (~/.secondme) including storing OAuth client secrets and developer tokens; if you do not want secrets written to disk, do not allow the assistant to create or persist them.
- On first use (once per conversation) it runs a pre-flight shell snippet that uses npx to check for and optionally update a 'second-me-skills' package. That can download and run code from the network even though the skill has no install spec — only enable this if you trust that update behavior.
- The skill assumes availability of npx, python3, openssl and other shell tools but the registry metadata does not list these as required binaries; ensure your environment meets these prerequisites or the script may fail.
- The assistant may scan repository files (README, package.json, env files, auth files) to infer integration details — be cautious if those files contain secrets for other services.
- Telemetry is configurable: the skill will prompt and can store a stable device id for 'community' mode; read the prompt carefully and choose 'off' or 'anonymous' if you prefer not to create persistent identifiers.
- If you proceed, consider: (1) backing up or auditing ~/.secondme before use, (2) choosing manual app creation if you want to avoid automatic secret storage, and (3) restricting network access or reviewing any downloaded updates from npx before execution.
If you want, I can list the exact files and network endpoints the skill will access and give step-by-step mitigations (e.g., how to run the flows manually) before you enable it.
latest: vk9704zwg9yzkkdyssct8rkfgw583w1vj
