Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description align with implementation: the script issues a POST to http://10.1.23.216:8280/rest/schema/med/query to perform fuzzy name lookup and return JSON. No unrelated services, binaries, or config paths are requested.
Instruction Scope
SKILL.md and tool.sh confine actions to the stated API call and JSON formatting. The instructions do not read other system files or environment variables. However, SKILL.md explicitly states the API token is built into the tool and the script uses that token on every request — this is an important scope/privilege detail to be aware of.
Install Mechanism
There is no install spec (instruction-only plus a small shell script). No packages are downloaded or extracted; risk from installation mechanism is low.
Credentials
The skill requires no environment variables but contains a hard-coded API token (a JWT-like string) embedded in tool.sh. Shipping credentials inside the skill is disproportionate: if the skill bundle is shared, backed up, or stored in a repo, that token can be leaked and abused. Also the endpoint is an internal IP (10.1.23.216) so the skill will only work when the agent has access to that network — running this outside the intended network could expose the token to unintended contexts.
Persistence & Privilege
always:false and no declarations of modifying other skills or system-wide config. The skill does not request persistent or elevated platform privileges.
What to consider before installing
This skill appears functionally correct for querying an internal drug-info API, but it embeds a hard-coded API token in tool.sh. That token is sensitive: if the skill bundle is shared, uploaded, or run in an environment you don't fully control, the token could be exposed or abused. Before installing: (1) ask the provider to remove the token and instead require you to supply a token via an environment variable or a secure secret store; (2) if removing the token isn't possible, treat the token as compromised and rotate it on the API side; (3) only run the skill on hosts that have network access to 10.1.23.216 and are trusted; (4) verify the token's scope/expiry with your API admin and ensure least privilege; (5) consider auditing access logs for the internal API after first use. If you cannot confirm safe handling of the embedded token, avoid installing or sharing this skill.Like a lobster shell, security has layers — review code before you run it.
latestvk97256pzvn1r51rx32e3h3385n848tnk
License
MIT-0
Free to use, modify, and redistribute. No attribution required.