Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
powpow_openclaw
v1.0.2
Simulates PowPow/OpenClaw interactions using in-memory storage for quick comparative testing of registration, login, avatars, chat, renewal, badges, and help.
⭐ 1 · 134 · 0 current · 0 all-time
by 度人自度 (@durenzidu)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
High confidence
Purpose & Capability
The top-line metadata/description (and the evaluation prompt) suggests a simulation/in-memory test harness, but the SKILL.md and the compiled code implement live HTTP calls to https://global.powpow.online (register, login, create digital humans, send chat). That mismatch (simulation vs. real remote integration) is a material incoherence: someone expecting a local/in-memory simulator would not expect their credentials or messages to be transmitted to a remote service.
Instruction Scope
SKILL.md instructs the agent to register/login/create digital humans and send messages; those operations are consistent with the stated integration purpose. However, the instructions omit any privacy notice and explicitly direct users to use the remote map URL. The runtime behavior will transmit usernames, passwords, and chat content to the remote PowPow API — this is within the plugin's purpose but is important scope (network) behavior the user must understand.
Install Mechanism
No install spec or external downloads are present. The package is instruction+bundled compiled JS (dist). There are no URLs that perform arbitrary code download at install time; code runs from the bundled files. This is lower install-risk, though the included compiled files contain base64 source-map URIs (expected for built JS).
Credentials
The skill requests no environment variables or host credentials (appropriate), but it does collect user-supplied credentials (username/password) and chat messages via its commands and transmits them to the remote service. Given the mismatch between the advertised 'in-memory/simulation' behavior and the actual remote calls, the lack of declared credentials/env-vars is not sufficient disclosure of where sensitive inputs are sent.
Persistence & Privilege
The skill does not request 'always: true' or other elevated privileges. It keeps auth tokens and state in memory (per code) and does not modify other skills or system-wide configurations.
Scan Findings in Context
[base64-block] expected: A base64-block pattern was detected (sourceMappingURL data:application/json;base64) in compiled JS files. This is common for build artifacts (inlined source maps) and not itself an injection; SKILL.md itself contains no embedded base64 payloads. Treat as a likely false-positive for prompt-injection but verify build provenance if you distrust the author.
What to consider before installing
Key points before installing or using this skill:
- Expect network traffic: contrary to a 'local/in-memory simulator' expectation, this skill performs live HTTP requests to https://global.powpow.online for register/login/create/send operations. Do NOT assume offline behavior.
- Sensitive inputs transmitted: usernames, passwords, and all chat messages you send through the skill will be transmitted to the remote PowPow backend. Only use throwaway/test accounts if you want to try it.
- Provenance is limited: the skill's registry entry has no homepage and the package claims a GitHub repo, but the source origin is 'unknown' in the metadata provided. If you need to trust it, review the upstream repository, author reputation, and server privacy/TOS.
- If you intended a local simulator, do not install or use this skill. If you accept remote integration, review the remote service (global.powpow.online): privacy policy, data retention, and whether the service's AI usage meets your security/privacy needs.
- Recommended actions: inspect the package's source (dist files and skill.json), run it only in an isolated/test environment, test with non-sensitive accounts, and confirm network endpoints and behavior via network monitoring. If you are unsure about the remote service or the author, treat the skill as untrusted.
latest: vk978s7rjwbagpk7qfc8vg07eyx84dte7
