Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

dxh141130

v1.0.1

Automate punching time in/out on WPS Time / NetTime (wpstime.com NetTime). Use for phrases like setup punchclock/configure punchclock/set up time clock, clock in/clock out, start break/end break, start lunch/end lunch, check status/status. Runs a Playwright flow, captures a screenshot, and replies with a brief confirmation.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious

OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill's name/description (WPS Time punchclock automation) matches the included code which drives Playwright and uses macOS Keychain. However the registry metadata claims no required binaries or env vars even though the scripts require Node.js, the 'playwright' package, and the macOS 'security' binary. The SKILL.md mentions macOS but the skill has no OS restriction declared. These omissions are inconsistent with the stated purpose and required runtime.
Instruction Scope
SKILL.md and the runbook correctly describe logging into wpstime and taking screenshots, and the code restricts activity to the login page and subsequent site interactions. However SKILL.md documents a 'chat wizard' setup option that explicitly collects the password via chat and instructs storing it on the gateway using 'security add-generic-password' — this exposes sensitive credentials to chat/gateway logs and broadens the risk surface. The runbook also suggests changing browser password/security settings (via chrome:// URLs), which is out-of-band and could be unexpected for users.
Install Mechanism
There is no install spec. The code imports 'playwright' and expects Node. That means the runtime must already include Node and Playwright, but the skill does not declare or install them. This omission can cause runtime failures and hides the fact that a heavy dependency (Playwright) is required. The skill also relies on the system 'security' tool (macOS) — again not declared.
Credentials
The skill does not list required environment variables or credentials in metadata because it uses macOS Keychain for credentials, which is appropriate. However the SKILL.md explicitly offers a chat-based path that sends the password via chat (with only a warning). Asking users to post passwords into chat is disproportionate to the task and dangerous because chat/gateway logs may retain secrets. The code itself reads Keychain only and does not exfiltrate secrets, but the documented chat flow materially increases risk.
Persistence & Privilege
The skill does not request 'always: true', does not declare elevated persistent privileges, and does not modify other skills or global configs. Autonomous invocation is allowed (platform default) but there is no added persistence/privilege escalation in the bundle itself.
What to consider before installing

- Platform and binaries: This skill requires a macOS host (it uses the 'security' Keychain CLI) and Node.js with the Playwright package available. Confirm the agent/gateway runs on macOS and that Node + Playwright are installed, or ask the author to provide an install spec (package.json or explicit instructions).
- Avoid the chat-based setup: Do NOT use the 'chat wizard' option that asks you to type your password into chat. Use the interactive local setup (node ./scripts/setup.mjs) so credentials go directly into the macOS Keychain and are not recorded in chat/gateway logs.
- Confirm dependencies and scope: Ask the publisher to declare required binaries (node, playwright, security) and an OS restriction (macOS). Request a package.json or install instructions so you can review and control what gets installed.
- Verify runtime behavior: Inspect and/or run the scripts in a controlled environment first. The scripts take screenshots and capture page text (which may contain sensitive info). Ensure screenshots are handled safely when attached to chat channels.
- Principle of least privilege: If you intend to allow autonomous invocation, ensure the agent's execution environment is restricted (so it cannot run arbitrary shell commands beyond what this skill needs) and monitor logs for unexpected behavior.

If you cannot confirm the above, treat the skill as risky. At minimum, ask the author to (1) add an install spec and declared OS/binary requirements, (2) remove or disable the chat-based password collection, and (3) document what data is captured in screenshots/snippets and where attachments are posted.
