ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

VetClaw Bundle

v1.0.1

VetClaw - 52个宠物医院/兽医诊所AI自动化技能套装。覆盖排班管理、病历记录、客户回访、经营分析等场景。

0· 65·0 current·0 all-time
by@daimingvip-a11y·duplicate of @daimingvip-a11y/veterinary-clinic-bundle
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The code, SKILL.md, and config files match the stated purpose (52 vet-related automation skills: appointments, records, reminders, inventory, etc.). The included FastAPI web app, SQLite schema, and per-skill handlers are consistent with a clinic assistant. However, the registry metadata claims 'required env vars: none' while the SKILL.md and config templates clearly reference multiple external-provider keys (DEEPSEEK_API_KEY, SMS_API_KEY/SMS_API_SECRET, WECHAT_APP_ID/WECHAT_APP_SECRET, DB_PASSWORD). That mismatch is unexpected and should be corrected.
!
Instruction Scope
Runtime instructions and code direct the agent/app to read and persist patient/client data (SQLite DB under data/), and to call external APIs: main.py makes HTTP calls to a DeepSeek LLM endpoint and the config references SMS/WeChat providers and payment/phone integrations. SKILL.md asserts data 'stored locally or your chosen cloud' and 'not shared with third parties', but if an LLM key or notification provider is configured, user conversations and medical data will be sent to those third parties. The instructions also ask users to edit config files with secrets — acceptable, but the data flow to external endpoints is not sufficiently highlighted in the registry metadata.
Install Mechanism
There is no external download/install spec in the registry; this bundle ships code files and an install_skills.py that generates per-skill directories. No remote archives, URL shorteners, or extraction-from-unknown-host steps are present. Installation risk is moderate because running the bundled Python app will create a local DB and may open a web server, but there is no automatic fetch of arbitrary remote code during install.
!
Credentials
The skill code and config templates expect several sensitive environment variables (DEEPSEEK_API_KEY; SMS_API_KEY and SMS_API_SECRET; WECHAT_APP_ID and WECHAT_APP_SECRET; possible DB_PASSWORD for PostgreSQL). The registry metadata declares no required env vars, and the skill does not advertise these credentials as required fields in the registry. This is a proportionality and transparency issue: the skill will read secrets from the environment but the manifest does not declare them. Also, providing these keys would allow third-party services to receive conversation and medical data.
Persistence & Privilege
The skill does not request 'always: true' or other elevated registry privileges. It runs a local FastAPI app, creates a local SQLite DB under data/, and writes skill files via install_skills.py — all normal for this type of bundle. There is no evidence it modifies other skills' configs or system-wide agent settings outside its own directory.
What to consider before installing
What to check before installing: - Manifest vs. reality: The registry lists no required environment variables, but the code and config templates use API keys for an external LLM (DEEPSEEK_API_KEY), SMS (SMS_API_KEY / SMS_API_SECRET), WeChat (WECHAT_APP_ID / WECHAT_APP_SECRET), and optional DB credentials. Ask the author to update the manifest to list required secrets. - Data exfiltration risk: If you configure an external LLM or notification provider, conversation text and patient/client data will be sent to those third parties. If that is unacceptable, do not set those API keys and run the app in 'offline' or template mode. - Run in isolation first: Start the service in a network-isolated or staging environment, without any third-party API keys, and exercise flows to see what outbound connections occur (e.g., calls to api.deepseek.com or provider endpoints). Monitor network traffic. - Limit secrets & permissions: If you must provide keys, create scoped/test credentials for the SMS/LLM providers, and do not reuse production global keys. Prefer per-environment service accounts with minimal scope. - Review code areas of interest: main.py (LLM call to https://api.deepseek.com/v1/chat/completions), config/vet-config.yaml (placeholders for SMS/WeChat/payment), and any unshown handler code that would perform outbound requests. Ensure handlers that send messages require explicit opt-in and review their templates. - Privacy & compliance: The SKILL.md claims data stays local, but enabling LLM/notification providers contradicts this. Decide whether sending medical/personal data to those providers meets your legal/privacy obligations. - Ask for provenance: The package lists GitHub links and a contact email in docs, but registry 'Source' is unknown. Verify the upstream repository and maintainer identity before deployment. If you want, I can list the exact files and lines where environment variables and external endpoints are referenced so you can audit them or propose a safer deployment checklist.

Like a lobster shell, security has layers — review code before you run it.

bundlevk973mywttyq232331f4kcgvaax83mr3xclinicvk973mywttyq232331f4kcgvaax83mr3xlatestvk97ay6604j6qv7csdbp0r0hra983mjzjveterinaryvk973mywttyq232331f4kcgvaax83mr3x

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments