Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Resignation Check

v0.5.0

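Runs a resignation check on users of Office 365 / Adobe tenants: uses the Feishu Open Platform API (app_id/app_secret) to check the directory by email address, lists accounts suspected of belonging to departed employees, and deletes them after interactive confirmation. USE WHEN resignation check, resignation screening, cleaning up departed employees, departed-employee accounts, resignation check, account audit, account cleanup, Feishu verification,...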

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token · Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
Functionally, the skill needs access to Office 365, Adobe, and Feishu to perform resignation checks and possible deletions; those capabilities match the described purpose. However, the registry metadata lists no required environment variables or primary credential, while the SKILL.md declares many high-privilege env vars (Office/Entra client secret, Adobe credentials, Feishu app_id/secret, SMTP creds, default passwords). That metadata omission is an inconsistency that reduces trust and may hide required secrets.
Instruction Scope
The SKILL.md instructs the agent to clone and run an external repository (office365-tools), create and read a .env with many secrets, use specific local working directory paths, and perform destructive operations (account deletion after confirmation). It also tells the agent to fetch and parse CSVs and to query Feishu with app secrets. These instructions require reading/writing local files and handling sensitive secrets; they grant broad discretion (check repository docs, run CLI commands) and reference machine-specific paths (/Users/kite/Documents/office-usertools).
Install Mechanism
There is no formal install spec in the registry, but SKILL.md directs an explicit git clone of https://github.com/eggyrooch-blip/office365-tools and pip installing its requirements. Cloning and running third-party code from an unvetted GitHub repo is effectively installation and execution of external code; the repo owner and code are not verified here, and there is no checksum or pinned release. This is higher risk than a purely instruction-only skill.
Credentials
The skill requires multiple high-privilege credentials (Entra CLIENT_ID/CLIENT_SECRET with User.ReadWrite.All / LicenseAssignment.ReadWrite.All, Adobe service credentials, FEISHU_APP_ID/FEISHU_APP_SECRET, SMTP username/password, and default account password values). These are functionally relevant but are powerful and destructive if misused. The registry metadata's failure to declare them amplifies the concern. The .env template also encourages storing default passwords and SMTP credentials, which are sensitive.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-wide privileges in metadata. However it instructs creating files (a .env) and installing/running a local CLI in a specific directory, which will persist code and secrets on disk. The skill can perform destructive actions (delete accounts) when run, so operational controls and safe defaults are important.
What to consider before installing
This skill plausibly does what it says, but treat it as high-risk until you audit the code and limit privileges:

1) Do NOT run against production credentials. Create a test tenant or read-only accounts first.
2) Manually review the GitHub repo (https://github.com/eggyrooch-blip/office365-tools) before cloning: inspect install scripts, requirements, and any subprocess or network calls.
3) Ensure least-privilege: avoid granting User.ReadWrite.All / LicenseAssignment.ReadWrite.All unless deletions are intentionally needed; prefer read-only scopes during initial runs.
4) Do not store high-value secrets in plaintext .env on shared machines; use a secrets vault when possible.
5) Validate FEISHU_APP_ID/SECRET and Adobe creds scope; confirm SMTP use is necessary.
6) Confirm and back up account lists and policies before performing deletions; prefer generating reports and manual approval workflows.
7) Fix the metadata mismatch: ask the publisher why registry metadata omits required env vars.

If you cannot verify the repo and code, do not install or run this skill.

Like a lobster shell, security has layers — review code before you run it.

