蜂兵虾将
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: bing-bing-xia-jiang Version: 1.4.1 The skill bundle is classified as suspicious due to risky capabilities without clear malicious intent. The `AGENT_PROMPTS.md` file instructs the 'AI信息守护者' agent to perform multi-platform web searches using tools like `web_search` and `extract_content_from_websites`, where search keywords are directly determined by user input. While the implementation of these external tools is not provided, this direct influence of user input on web search parameters creates a significant prompt injection and tool-based vulnerability surface (e.g., Server-Side Request Forgery or local file disclosure if the tools can access `file://` schemes). The broad '自动执行' (automatic execution) capability mentioned in `SKILL.md` further amplifies this risk, even though no explicit malicious instructions for data exfiltration or system compromise are present in the analyzed files.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may be expected to act or prepare reports on a schedule rather than only when explicitly asked.
The skill advertises scheduled autonomous reporting and unattended execution, but the artifacts do not clearly define how the user starts, stops, limits, or audits this background behavior.
自动执行不用盯。每天上午10点、下午4点自动打报告
Require explicit opt-in for any scheduled/background behavior, document how to disable it, and keep user confirmation mandatory for meaningful actions.
The agent could take more steps automatically over time because it learned that the user often skips confirmations.
The adaptive strategy reduces confirmation based on observed user behavior. This can be useful, but it weakens approval boundaries without clearly specifying which actions still require explicit confirmation.
跳过率 > 60% | 减少确认步骤
Keep explicit approval for publishing, account changes, purchases, file deletion, persistent memory changes, and any irreversible or public action.
Personal preferences, behavior patterns, task history, and generated work products may persist and influence future outputs.
The skill stores user profiles and multi-layer memory, including permanent workflow retention, but does not clearly describe retention controls, deletion, isolation between tasks, or what user data should be excluded.
用户画像 | 记录用户交互偏好 ... module4 ... retention: "永久" ... memory: { enabled: true, layers: ['L0', 'L1', 'L2', 'L3', 'L4'] }Before installing, decide what information may be stored; the skill should add clear memory scope, retention limits, deletion commands, and sensitive-data exclusions.
Information supplied for one module may be visible to other modules in the workflow.
Passing outputs among agents is expected for this multi-agent workflow, but it means information gathered or generated in one module can be reused by later modules.
模块1-4有序执行 ... 需要接收模块1-3的完整输出
Avoid giving the skill confidential data unless you are comfortable with it being reused across the whole workflow and stored in memory.
It may be harder to verify where the code came from or whether updates are trustworthy.
The registry metadata does not identify a source repository or homepage, while the package includes runnable JavaScript/package files. This is a provenance gap, not proof of malicious behavior.
Source: unknown; Homepage: none
Only run the included npm scripts or install.sh after reviewing the package source and confirming it came from a trusted publisher.
Users may rely too heavily on automated trend or business advice, especially in sensitive areas like finance or healthcare.
The skill uses strong money-making and effort-reduction claims. This is marketing language, but it may encourage over-trust in automated analysis and recommendations.
让AI替你干活,你躺着赚钱!
Treat outputs as drafts or research aids, and independently verify facts and business, medical, financial, or legal conclusions.