ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CWork 工作协同

Send reports, create tasks, and manage drafts in the CWork collaboration platform with name resolution and draft confirmation workflow.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 124 · 0 current installs · 0 all-time installs
by@evan-zhang
duplicate of @evan-zhang/workspace-cwork
MIT-0
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name, description, and listed capabilities (send/draft/query reports, create/track tasks, contact group management, analysis) align with the code and API endpoints (baseUrl points to a CWork service). Requested credential (CWORK_APP_KEY) is appropriate for an API client. However, there are packaging inconsistencies: the registry entry claimed "instruction-only" yet the bundle contains >60 TypeScript code files and a package.json. Multiple version fields disagree (_meta.json, SKILL.md header, package.json, registry metadata). These mismatches are not necessarily malicious but are unexpected and reduce trust.
Instruction Scope
SKILL.md runtime instructions are narrowly scoped to CWork operations and LLM calls (and instructs that llmClient must be injected). The code's LLM usage explicitly sets systemPrompt strings for model calls — an expected pattern for LLM-assisted features. The pre-scan found a 'system-prompt-override' pattern in SKILL.md; in context this appears to be the skill specifying systemPrompt content for llmClient.generateJSON calls (expected for LLM-dependent skills), but any skill-provided system prompts should be reviewed because they can influence model behavior.
Install Mechanism
No install spec (no downloads/run-at-install). The package is code-only in the bundle and appears to rely on runtime-provided credentials and injected llmClient; nothing is being fetched from arbitrary URLs during install. package.json lists only devDependencies (TypeScript/@types) resolved from npm mirrors — nothing suspicious in the manifest itself.
Credentials
Declared required env: CWORK_APP_KEY (package.json also lists optional CWORK_BASE_URL, SSE_TIMEOUT, PAGINATION_DEFAULT). That matches the need to authenticate API requests to a CWork endpoint. One mild inconsistency: config/index.ts states the package reads credentials from an injected runtime config (getRuntimeConfig) rather than process.env, yet the metadata and package.json declare requiredEnv. This suggests two possible usage modes (runtime injection vs environment variables); confirm how you must provide the API key. No other unrelated secrets are requested.
Persistence & Privilege
Skill does not request always:true and does not claim any elevated platform privileges. It follows a normal client pattern (API calls, SSE usage, injected llmClient). There is no evidence it writes to other skills' configs or requests system-wide credentials.
Scan Findings in Context
[system-prompt-override] expected: The detector flagged system-prompt-override patterns. The code and SKILL.md include explicit systemPrompt strings passed to llmClient.generateJSON — this is expected for LLM-driven analysis/generation skills. However, any skill-supplied system prompts can influence model outputs; review them if you need strict prompt governance.
What to consider before installing
This skill appears to implement a coherent CWork API client and asks only for CWORK_APP_KEY, which is appropriate. However, before installing: 1) Verify the source and owner (homepage is an issues page, not a clear repo release). 2) Inspect shared/cwork-client.ts, shared/setup.ts, and shared/runtime.ts (how the API key is stored/transmitted and what base URL is used). Confirm it only sends the key to the official CWork endpoint (api-reference lists https://sg-al-cwork-web.mediportal.com.cn/open-api). 3) Note packaging inconsistencies: the bundle contains many code files despite being labeled instruction-only and has mismatched version metadata — treat this as a red flag and prefer a published release from a known repository. 4) Because the skill sets system prompts for LLM calls, if you operate in a regulated environment review those prompts to ensure they do not cause undesired behaviour or leak sensitive context. If you cannot inspect the code or verify the maintainer, avoid giving your CWORK_APP_KEY to this skill.
shared/cwork-client.ts:4
Environment variable access combined with network send.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Current versionv2.1.2
Download zip
latestvk97e4fg41pcjdq2erxj3nhhzzx83zypf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📋 Clawdis
OSLinux · macOS · Windows
EnvCWORK_APP_KEY

SKILL.md

When to Use

Trigger when user wants to:

  • Send, draft, or query work reports
  • Create, assign, or track tasks
  • Manage draft box (save/confirm/send/delete)
  • Query inbox, todo list, or unread reports
  • Analyze reports or summarize decisions

Quick Reference

TopicFile
Setup & securitysetup.md
Standard workflowsworkflow.md
All API endpointsapi-reference.md
Sub-domain skills*/SKILL.md

Core Rules

  1. Draft before send — Always save draft, show user for confirmation, then call draft-submit. Never call report-submit directly unless user explicitly says so.

  2. Name resolution is built-in — Pass names directly to taskCreate and report functions. Internal emp-search runs automatically. Do not ask user for empId.

  3. Ask once, act once — Collect all missing info in one message. After user confirms, call API immediately. No re-preparation loops.

  4. LLM is caller-injected — Pass { llmClient } to LLM-dependent skills. This package never stores LLM credentials.

  5. Output by channel — Telegram: bullets, no tables, conclusion first. Discord: tables OK. API: JSON.

Domains

  • shared/ — 9 data-fetch skills (no LLM)
  • reports/ — 19 skills: send, reply, draft, query, AI chat
  • tasks/ — 12 skills: create, assign, track, dashboard
  • decisions/ — 6 skills: summarize, extract conclusions
  • closure/ — 5 skills: status check, reminder
  • analysis/ — 6 skills: trends, highlights
  • contacts/ — 4 skills: groups management
  • llm/ — 1 skill: multi-source aggregation

Files

85 total
Select a file
Select a file to preview.

Comments

Loading comments…