Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AI SkillHub
v2.1.0 · OpenClaw AI SkillHub core. Supports two trigger modes: ① "!skill URL" automatic mode, where the AI summarizes the keywords and category itself; ② "!skill keyword URL" manual mode, where the user specifies the keywords. Extract the content → generate 原始内容.md (the raw content file) + SKILL.md → push to GitHub.
⭐ 0 · 178 · 0 current · 0 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's description (content extraction → generate files → push to GitHub) matches the high-level flow in SKILL.md, but the recipe requires local scripts (~/.openclaw/scripts/yt_transcript.py, wx_extract.py), a cookies file (~/.openclaw/cookies/bilibili.txt), and GitHub credentials read from ~/.openclaw/.env. None of these required files/credentials are declared in the registry metadata. Requiring arbitrary local scripts and an undeclared GitHub token is disproportionate to the stated metadata and should have been declared.
Instruction Scope
The instructions tell the agent to execute local scripts (e.g., ~/.openclaw/scripts/yt_transcript.py, wx_extract.py), run system commands (yt_dlp, whisper invocations), read files in the user's home (~/.openclaw/.env, ~/.openclaw/cookies/*), write to /tmp, and embed/consume a GitHub token to clone/push. Executing arbitrary user-local scripts and reading shell-visible .env files broadens scope well beyond content extraction and can lead to execution of arbitrary code or exposure of unrelated secrets.
Install Mechanism
No install spec (instruction-only), which is lower risk from third-party downloads. However, the skill delegates work to local scripts in ~/.openclaw/scripts and tools (yt-dlp, whisper) that may not be present and could be arbitrarily implemented by the user or a compromised process. The lack of an install manifest hides these implicit dependencies and their security implications.
Credentials
Although the registry lists no required env vars, the runtime steps explicitly read GITHUB_TOKEN, GITHUB_REPO, and GITHUB_BRANCH from ~/.openclaw/.env and may read cookies from ~/.openclaw/cookies/bilibili.txt. Requiring access to a GitHub token and arbitrary cookie files is sensitive and should have been declared; pulling credentials by grepping a local .env file is a disproportionate and under-specified request for this skill.
Persistence & Privilege
The skill is not marked always:true and does not request persistent installation. Autonomous model invocation is permitted (platform default). The concerning part is not persistence but that it executes local scripts and reads files in the user's home on each run—this increases runtime privilege but does not modify agent configuration or other skills.
What to consider before installing
This skill will execute code and read secrets from your home directory (e.g., ~/.openclaw/scripts/* and ~/.openclaw/.env) even though those credentials are not declared in the registry metadata. Before installing or enabling:
1) Inspect any local scripts the skill calls (~/.openclaw/scripts/yt_transcript.py, wx_extract.py) — they will be executed with your account privileges.
2) Don't store broad secrets in ~/.openclaw/.env; create a dedicated GitHub token with minimal scopes (repo create/write only for the single repo) if you must allow pushes.
3) Consider running the skill in an isolated/sandbox account or VM so local scripts and .env reads cannot expose unrelated secrets.
4) If you don't trust those local scripts or the source of this skill, decline installation; prefer a version that declares required env vars (GITHUB_TOKEN, GITHUB_REPO) and documents all local dependencies.
5) If you proceed, restrict the GitHub token scope, review cookie files, and disable autonomous invocation or require explicit user confirmation for push actions.
Tags: bilibili, knowledge, latest, wechat, whisper, youtube
