ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

xiaodu-wake-up-routine-official

v1.0.0

基于已安装的 xiaodu-control-official 编排儿童起床场景。当用户说“叫孩子起床”“开始早安模式”“帮我把孩子叫醒”,或要求让房间进入起床状态时使用。这个 skill 会复用 xiaodu-control-official 的现有脚本,对小度智能屏和小度 IoT 设备执行 scene-firs...

0· 51·0 current·0 all-time
by@dueros-mcp
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill's name/description (wake‑up orchestration) matches the instructions: it exclusively orchestrates scenes, IoT, and smart‑screen actions by calling scripts in skills/xiaodu-control-official. This dependency is expected for an orchestrator, but the skill assumes that external scripts exist and are trusted.
Instruction Scope
SKILL.md explicitly instructs the agent to run bash scripts (list/trigger scenes, list/control IoT, speak, control_xiaodu, push_resource) via relative paths and to persist preferences to XIAODU_CONTEXT.md and MEMORY.md. There are no instructions to call external network endpoints, but the agent will execute other-skill scripts and read/write workspace files — validate those scripts and file locations before use.
Install Mechanism
No install spec and no code files beyond SKILL.md and references — lowest risk for arbitrary code fetch. Risk instead depends on the external scripts the skill calls (which are not included here).
Credentials
The skill requests no environment variables, credentials, or config paths. Its runtime behavior aligns with that: it relies on local scripts and device lists rather than external secrets. This is proportionate to its purpose.
Persistence & Privilege
always:false and autonomous invocation allowed (normal). The skill intends to store preferences in workspace files (XIAODU_CONTEXT.md, MEMORY.md) but does not declare config paths—this is reasonable for user preferences but you should confirm where those files will be written and what they may contain (device IDs, room names, preferences).
Assessment
This skill is an orchestrator that expects an installed and trusted xiaodu-control-official dependency and will execute its scripts (list_scenes.sh, trigger_scene.sh, control_iot.sh, speak.sh, control_xiaodu.sh, etc.). Before installing: (1) confirm you have xiaodu-control-official from a trusted source and inspect its scripts for any unexpected network calls or sensitive-data handling; (2) confirm you are okay with the agent running those bash scripts from the workspace; (3) be aware the skill will write small preference files (XIAODU_CONTEXT.md, MEMORY.md) in the workspace—check their location and contents to avoid persisting secrets; (4) if you cannot inspect the dependent skill, consider sandboxing or restricting this skill’s filesystem/exec permissions. Overall the skill is internally coherent for its stated purpose, but its safety depends on the trustworthiness of the external scripts it calls.

Like a lobster shell, security has layers — review code before you run it.

latestvk974awwzx6v1c698zg1jahvxkx844kjv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments