Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

🏨 IHG Points Room Finder

v2.2.1

Intelligently searches for points (reward-night) availability at 45 selected IHG hotels in the Jiangsu, Zhejiang and Shanghai region; supports filtering by brand, distance, points tier and executive lounge, and recommends high-value options first.

by Eddy (@eddylhb)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign

OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill description and docs describe a local Python query tool that searches a hotels.json dataset — that capability matches the declared purpose and requires no external credentials. However, the repo package is inconsistent: SKILL.md and GOGO_INSTRUCTIONS refer to a query.py and hotels.json under /home/node/.openclaw/scripts/ihg-monitor-python, and skills.json/simple_skills.json exec entries reference ./scripts/query.py or the /home/node path, but the provided file manifest does NOT include query.py or hotels.json. The package does include maintenance scripts (backup, rollback, health_check, version_audit) that operate on local files. These maintenance scripts are plausible for a deployable skill but their presence without the main query implementation is disproportionate or indicates an incomplete package.
Instruction Scope
SKILL.md/GOGO_INSTRUCTIONS instruct the agent to run python3 /home/node/.openclaw/scripts/ihg-monitor-python/query.py, read hotels.json, and use memory/*.md files. Those instructions reference host filesystem paths outside the skill bundle. Because the authoritative query.py and hotels.json are missing from the bundle, the instructions will either fail or (if those paths exist on the host) execute code from the host environment. The health_check.py imports execute_query from query.py and will execute queries if run. There are no instructions to contact external endpoints or to read unrelated system credentials, but the path inconsistencies give the agent broad discretion to run arbitrary local scripts — this is a runtime ambiguity and a risk.
Install Mechanism
There is no install spec (instruction-only), which is lower risk. The included shell/python maintenance scripts (backup.sh, rollback.sh, version_audit.py, health_check.py) perform local filesystem operations (cp, mkdir, reading/writing under /home/node/.openclaw and backups). They do not download code from remote URLs. That is reasonable for maintenance, but because the main executable (query.py) is missing, it's unclear whether the intended runtime would require additional installs or downloads.
Credentials
The skill declares no required environment variables, no credentials, and no special config paths. The included scripts reference only local skill paths and call 'openclaw --version' in backup.sh for informational output. There are no requested secrets or unrelated credentials in the metadata. This is proportionate to the stated purpose.
Persistence & Privilege
The skill is not marked 'always:true' and uses normal exec permissions (python3) and read access to local files. The backup/rollback scripts create and copy files under ~/.openclaw/backups and can modify the skill's own files, which is expected for maintenance. There is no evidence the skill attempts to modify other skills' configs or request system-wide elevated privileges.
What to consider before installing
Do not install or enable this skill yet. The documentation expects a main executable (query.py) and a hotels.json data file, but those critical runtime files are missing from the package, so it is unclear what will actually run. Ask the provider for the missing files and review the contents of query.py before installing. Specifically:
1) Verify query.py and hotels.json are present and inspect query.py for network calls, telemetry, or attempts to read unrelated system files or environment variables.
2) Confirm the exec path in skills.json matches where query.py will be installed (relative vs absolute paths differ across files).
3) If you must run the maintenance scripts (backup.sh, rollback.sh, health_check.py), review them first; they operate on ~/.openclaw and backups but do not contact remote hosts.
4) Prefer a package where SKILL.md, skills.json, and the repository file list are consistent (same version labels and included runtime files).
If the author cannot provide the missing files or a clear explanation of the path/version mismatches, treat the package as untrusted.
